CVE-2025-11204 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2025-32636 WordPress Local Magic plugin <= 2.9.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in matthewrubin Local Magic local-magic allows SQL Injection.This issue affects Local Magic: from n/a through = 2.9.0...

WordPress plugin Local Magic 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin AI Magic 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress AI Magic – SEO Content Generator & Article Writer plugin <= 1.0.4 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Mika in WordPress Plugin AI Magic versions = 1.0.4...

WordPress plugin RegistrationMagic 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVE-2021-24862

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue...

WordPress eShop Magic Plugin <= 0.1 - Local File Inclusion

This plugin is prone to eshop-magic/download.php file parameter traversal arbitrary file access vulnerability. It allows attackers to disclose sensitive information. Solution Update the plugin...