Lucene search
K

101 matches found

EUVD
EUVD
added 2026/07/01 7:53 a.m.7 views

EUVD-2026-40924

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the processrequest function. This makes it possible for unauthenticated...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:53 a.m.6 views

CVE-2026-12158

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the processrequest function. This makes it possible for unauthenticated...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/30 7:50 p.m.5 views

WordPress RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation vulnerability

Cross-Site Request Forgery to Privilege Escalation vulnerability discovered by ? in WordPress Plugin RegistrationMagic versions = 6.0.9.1...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/27 8:16 a.m.10 views

CVE-2026-9242

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS0.00232EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.7 views

CVE-2026-9242

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all versions up to and including 6.0.8.6. This is due to the PayPal IPN callback handler...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References15
CVE
CVE
added 2026/06/15 8:19 p.m.52 views

CVE-2026-49764

CVE-2026-49764 concerns the WordPress plugin RegistrationMagic (≤ 6.0.8.6). The vulnerability is an unauthenticated broken authentication issue, exploitable over the network without user interaction. Affected component: RegistrationMagic core/plugin. Underlying impact per the metadata is high acr...

9.8CVSS5.2AI score0.004EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:19 p.m.31 views

CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in RegistrationMagic = 6.0.8.6 versions...

9.8CVSS0.004EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/05/04 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-15403

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...

9.8CVSS5.9AI score0.00461EPSS
In wildExploits2References2
Vulnrichment
Vulnrichment
added 2026/02/18 10:20 a.m.3 views

CVE-2025-14444 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'processpaypalsdkpayment' function in all versions up to, and including, 6.0.6.9. This is...

5.3CVSS5.7AI score0.00216EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/18 10:20 a.m.6 views

CVE-2025-14444

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'processpaypalsdkpayment' function in all versions up to, and including, 6.0.6.9. This is...

5.3CVSS5.7AI score0.00216EPSS
Exploits0References6
CVE
CVE
added 2026/02/18 10:20 a.m.25 views

CVE-2025-14444

CVE-2025-14444 – RegistrationMagic for WordPress has a payment bypass vulnerability in the process_paypal_sdk_payment path. The issue arises from trusting client-supplied payment data without validating that PayPal payment actually completed, enabling unauthenticated users to activate registratio...

5.3CVSS5.7AI score0.00216EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/18 12:47 a.m.12 views

WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment vulnerability

WordPress RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin = 6.0.6.9 - Unauthenticated Payment Bypass via rmprocesspaypalsdkpayment vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin RegistrationMagi...

5.3CVSS5.6AI score0.00216EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/17 7:28 a.m.10 views

CVE-2026-0929

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

4.3CVSS5.6AI score0.00209EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/16 6:0 a.m.4 views

CVE-2026-0929

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

5.5AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/16 6:0 a.m.27 views

CVE-2026-0929 RegistrationMagic < 6.0.7.2 - Subscriber+ Form Creation

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/16 6:0 a.m.3 views

CVE-2026-0929 RegistrationMagic < 6.0.7.2 - Subscriber+ Form Creation

The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site...

5.6AI score0.00209EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/13 6:0 a.m.8 views

CVE-2025-15520

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above...

5.5AI score0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/13 6:0 a.m.5 views

CVE-2025-15520 RegistrationMagic <= 6.0.7.2 - Subscriber+ Sensitive Data Disclosure

The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above...

5.5AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/02/13 6:0 a.m.17 views

CVE-2025-15520

CVE-2025-15520 affects the WordPress plugin RegistrationMagic (versions up to and including 6.0.7.2). The root cause is that the plugin validates nonces but does not verify user capabilities, enabling disclosure of some sensitive data to subscribers and higher-privilege users. Impact is informati...

4.3CVSS5.5AI score0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/18 2:26 a.m.11 views

CVE-2025-15403

The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'addmenu' function is accessible via the 'rmuserexists' AJAX action and allows arbitrary updates to the 'adminorder' setting. This makes it possible f...

9.8CVSS6.3AI score0.00461EPSS
Exploits2References1
Rows per page
Query Builder