100 matches found
CVE-2021-24648
The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rmsearchvalue parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting...
CVE-2020-9454
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploa...
CVE-2020-8436
XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rmformid, rmtr, or formname parameter...
CVE-2020-8435
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rmanalyticsshowform rmformid parameter...
CVE-2020-9456
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users with minimal privileges to elevate their privileges to administrator via classrmusercontroller.php rmuseredit...
CVE-2020-9455
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to send arbitrary emails on behalf of the site via classrmuserservices.php sendemailuserview...
CVE-2024-9390
The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9390
The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9390 RegistrationMagic < 6.0.2.1 - Stored XSS
The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9390
CVE-2024-9390 affects the WordPress plugin RegistrationMagic prior to version 6.0.2.1. The issue arises because the plugin does not sanitize and escape several settings, allowing high-privilege users (e.g., admins) to perform Stored XSS even when unfiltered_html is disallowed (such as in multisit...
CVE-2025-2836 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘paymentmethod’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input sanitization and output escapin...
CVE-2024-1990
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RMForm shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied...
CVE-2024-1991
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateusersrole function in all versions up to, and including, 5.3.0.0. This makes it possible for...
CVE-2024-10508
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updati...
WordPress RegistrationMagic Plugin <= 6.0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin RegistrationMagic versions = 6.0.3.3...
Exploit for Improper Handling of Missing Values in Metagauss Registrationmagic
CVE-2024-10508 This tool scans WordPress sites for vulnerabil...
CVE-2024-10508
The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updati...
PT-2024-16328 · WordPress · Registrationmagic
Name of the Vulnerable Software and Affected Versions: RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress versions up to, and including, 6.0.2.6 Description: The issue is due to the plugin not properly validating the password reset token prior to...
PT-2024-39613 · WordPress +1 · Custom-Registration-Form-Builder-With-Submission-Manager +1
Name of the Vulnerable Software and Affected Versions: RegistrationMagic WordPress plugin versions prior to 6.0.2.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...
WordPress plugin RegistrationMagic 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...