Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MetagaussRegistrationmagic

9 matches found

CVE
CVEadded 2020/03/06 7:15 p.m.113 views

CVE-2020-9454

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads...

8.8CVSS8.6AI score0.00569EPSS
CVE
CVEadded 2020/03/06 7:15 p.m.113 views

CVE-2020-9456

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.

8.8CVSS8.3AI score0.01959EPSS
CVE
CVEadded 2020/03/06 7:15 p.m.109 views

CVE-2020-9458

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.

8.8CVSS8.3AI score0.01959EPSS
CVE
CVEadded 2020/03/06 7:15 p.m.103 views

CVE-2020-9457

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.

8.8CVSS8.3AI score0.00792EPSS
CVE
CVEadded 2023/11/30 2:15 p.m.65 views

CVE-2023-47645

Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Log...

8.8CVSS6.4AI score0.00171EPSS
CVE
CVEadded 2020/03/12 2:15 p.m.64 views

CVE-2020-8435

An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.

8.1CVSS8.4AI score0.00864EPSS
CVE
CVEadded 2024/04/09 7:15 p.m.60 views

CVE-2024-1991

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for au...

8.8CVSS9.3AI score0.00221EPSS
CVE
CVEadded 2024/04/09 7:15 p.m.54 views

CVE-2024-1990

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied par...

8.8CVSS9.3AI score0.00532EPSS
CVE
CVEadded 2023/03/13 2:15 p.m.26 views

CVE-2023-25991

Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin

8.8CVSS7.2AI score0.00051EPSS