Lucene search
K

100 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.7 views

CVE-2021-24648

The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rmsearchvalue parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.5AI score0.00876EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:54 p.m.9 views

CVE-2020-9454

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploa...

8.8CVSS7.2AI score0.0109EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:51 p.m.8 views

CVE-2020-8436

XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rmformid, rmtr, or formname parameter...

6.1CVSS6.2AI score0.01353EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:51 p.m.10 views

CVE-2020-8435

An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rmanalyticsshowform rmformid parameter...

8.1CVSS8AI score0.01919EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:44 p.m.8 views

CVE-2020-9456

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users with minimal privileges to elevate their privileges to administrator via classrmusercontroller.php rmuseredit...

8.8CVSS6.7AI score0.02511EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:43 p.m.5 views

CVE-2020-9455

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to send arbitrary emails on behalf of the site via classrmuserservices.php sendemailuserview...

4.3CVSS6.8AI score0.01439EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:3 p.m.11 views

CVE-2024-9390

The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:16 p.m.15 views

CVE-2024-9390

The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00266EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.8 views

CVE-2024-9390 RegistrationMagic < 6.0.2.1 - Stored XSS

The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.8AI score0.00266EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.35 views

CVE-2024-9390

CVE-2024-9390 affects the WordPress plugin RegistrationMagic prior to version 6.0.2.1. The issue arises because the plugin does not sanitize and escape several settings, allowing high-privilege users (e.g., admins) to perform Stored XSS even when unfiltered_html is disallowed (such as in multisit...

4.8CVSS5.7AI score0.00266EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/04 5:22 a.m.7 views

CVE-2025-2836 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘paymentmethod’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.00278EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 5:35 a.m.9 views

CVE-2024-1990

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RMForm shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied...

8.8CVSS7.3AI score0.00821EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:20 a.m.13 views

CVE-2024-1991

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateusersrole function in all versions up to, and including, 5.3.0.0. This makes it possible for...

8.8CVSS7.1AI score0.00891EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:2 a.m.10 views

CVE-2024-10508

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updati...

9.8CVSS7.5AI score0.01463EPSS
Exploits2References1
Patchstack
Patchstack
added 2025/01/28 1:52 p.m.4 views

WordPress RegistrationMagic Plugin <= 6.0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin RegistrationMagic versions = 6.0.3.3...

7.1CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2024/11/21 4:32 a.m.434 views

Exploit for Improper Handling of Missing Values in Metagauss Registrationmagic

CVE-2024-10508 This tool scans WordPress sites for vulnerabil...

9.8CVSS9.7AI score0.01463EPSS
Exploits2
OSV
OSV
added 2024/11/09 8:15 a.m.4 views

CVE-2024-10508

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updati...

9.8CVSS5.9AI score0.01463EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2024/11/09 12:0 a.m.8 views

PT-2024-16328 · WordPress · Registrationmagic

Name of the Vulnerable Software and Affected Versions: RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress versions up to, and including, 6.0.2.6 Description: The issue is due to the plugin not properly validating the password reset token prior to...

9.8CVSS7.9AI score0.01463EPSS
Exploits2References15
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.4 views

PT-2024-39613 · WordPress +1 · Custom-Registration-Form-Builder-With-Submission-Manager +1

Name of the Vulnerable Software and Affected Versions: RegistrationMagic WordPress plugin versions prior to 6.0.2.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

4.8CVSS4.6AI score0.00266EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.3 views

WordPress plugin RegistrationMagic 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS6AI score0.00331EPSS
Exploits0References2
Rows per page
Query Builder