CVE-2025-24686 — Cross-site Scripting in Registrationmagic

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 47.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Metagauss Registrationmagic

Timeline

PublishedJan 31

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Reflected XSS.This issue affects RegistrationMagic: from n/a through <= 6.0.3.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDmetagauss/registrationmagic< 6.0.3.4

▶CVEListV5metagauss/registrationmagic6.0.3.3

🔴Vulnerability Details

CVEList

WordPress RegistrationMagic Plugin <= 6.0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability↗2025-01-31

▶

GHSA

GHSA-5vw3-ggxc-mhgp: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss User Registration Forms RegistrationMa↗2025-01-31

▶