96 matches found
CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...
CVE-2026-49764
CVE-2026-49764 concerns the WordPress plugin RegistrationMagic (≤ 6.0.8.6). The vulnerability is an unauthenticated broken authentication issue, exploitable over the network without user interaction. Affected component: RegistrationMagic core/plugin. Underlying impact per the metadata is high acr...
VulnCheck KEV: CVE-2025-15403
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...
CVE-2025-14444
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'processpaypalsdkpayment' function in all versions up to, and including, 6.0.6.9. This is...
CVE-2025-14444
CVE-2025-14444 – RegistrationMagic for WordPress has a payment bypass vulnerability in the process_paypal_sdk_payment path. The issue arises from trusting client-supplied payment data without validating that PayPal payment actually completed, enabling unauthenticated users to activate registratio...
CVE-2025-14444 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'processpaypalsdkpayment' function in all versions up to, and including, 6.0.6.9. This is...
WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment vulnerability
WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin = 6.0.6.9 - Unauthenticated Payment Bypass via rmprocesspaypalsdkpayment vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin RegistrationMagi...
CVE-2026-0929
The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...
CVE-2026-0929
The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...
CVE-2026-0929 RegistrationMagic < 6.0.7.2 - Subscriber+ Form Creation
The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...
CVE-2026-0929 RegistrationMagic < 6.0.7.2 - Subscriber+ Form Creation
The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...
CVE-2025-15520 RegistrationMagic <= 6.0.7.2 - Subscriber+ Sensitive Data Disclosure
The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above...
CVE-2025-15520
The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above...
CVE-2025-15520
CVE-2025-15520 affects the WordPress plugin RegistrationMagic (versions up to and including 6.0.7.2). The root cause is that the plugin validates nonces but does not verify user capabilities, enabling disclosure of some sensitive data to subscribers and higher-privilege users. Impact is informati...
CVE-2025-15403
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...
CVE-2025-15403
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...
CVE-2025-15403
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...
CVE-2025-15403
CVE-2025-15403 affects the RegistrationMagic WordPress plugin (versions
WordPress RegistrationMagic plugin <= 6.0.6.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by 0xd4rk5id3 in WordPress Plugin RegistrationMagic versions = 6.0.6.9...
CVE-2023-25991
Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic plugin = 5.1.9.2 versions...