5 matches found
CVE-2025-2836
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘paymentmethod’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input sanitization and output escapin...
CVE-2025-2836
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘paymentmethod’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input sanitization and output escapin...
CVE-2025-2836 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘paymentmethod’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input sanitization and output escapin...
CVE-2025-2836 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘paymentmethod’ parameter in all versions up to, and including, 6.0.4.3 due to insufficient input sanitization and output escapin...
CVE-2025-2836
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is affected by a Stored Cross-Site Scripting (XSS) flaw exploited via the payment_method parameter. Affected versions go up to and including 6.0.4.3 . The root cause is described as insu...