cvebase

Metagauss Registrationmagic vulnerabilities

39 known vulnerabilities affecting metagauss/registrationmagic.

Total CVEs: 39
CISA KEV: 0
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 5, HIGH 19, MEDIUM 15

Vulnerabilities

Page 1 of 2
CVE-2021-4073 | P1 | HIGH | CVSS 8.1 | Exploited | PoC | ≤ 5.0.1.7 | 2021-12-14
CVE-2021-4073 [HIGH] CWE-287: The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. This affects versions equal to, and less than, 5.0.1.7.
nvd
CVE-2017-20208 | P1 | CRITICAL | CVSS 9.8 | Exploited | fixed in 3.7.9.3 | 2025-10-18
CVE-2017-20208 [CRITICAL] CWE-502: The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive) via deserialization of untrusted input from the is_expired_by_date() function. This makes it possible for unauthenticated attackers to inject a PHP Object
nvd
CVE-2021-24862 | P2 | HIGH | CVSS 7.2 | PoC | fixed in 5.0.1.6 | 2022-01-10
CVE-2021-24862 [HIGH] CWE-89: The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
nvd
CVE-2026-49764 | P2 | CRITICAL | CVSS 9.8 | ≥ n/a, ≤ 6.0.8.6 | 2026-06-15
CVE-2026-49764 [CRITICAL] CWE-288: Unauthenticated Broken Authentication in RegistrationMagic <= 6.0.8.6 versions.
nvd
CVE-2024-10508 | P2 | CRITICAL | CVSS 9.8 | fixed in 6.0.2.7 | 2024-11-09
CVE-2024-10508 [CRITICAL] CWE-230: The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for una
nvd
CVE-2023-2499 | P2 | CRITICAL | CVSS 9.8 | ≤ 5.2.1.0 | 2023-05-16
CVE-2023-2499 [CRITICAL] CWE-288: The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an a
nvd
CVE-2024-1991 | P3 | HIGH | CVSS 8.8 | fixed in 5.3.1.0 | 2024-04-09
CVE-2024-1991 [HIGH] CWE-862: The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the update_users_role() function in all versions up to, and including, 5.3.0.0. This makes it possible for authenticated attackers, with subscriber-level access and
nvd
CVE-2020-9457 | P3 | HIGH | CVSS 8.8 | ≤ 4.6.0.3 | 2020-03-06
CVE-2020-9457 [HIGH] CWE-862: The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
nvd
CVE-2020-9456 | P3 | HIGH | CVSS 8.8 | ≤ 4.6.0.3 | 2020-03-06
CVE-2020-9456 [HIGH] CWE-862: In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
nvd
CVE-2024-1990 | P3 | HIGH | CVSS 8.8 | fixed in 5.3.2.0 | 2024-04-09
CVE-2024-1990 [HIGH] CWE-89: The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RM_Form shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing
nvd
CVE-2026-24373 | P3 | HIGH | CVSS 8.1 | ≤ 6.0.7.1 | 2026-03-25
CVE-2026-24373 [HIGH] CWE-266: Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation. This issue affects RegistrationMagic: from n/a through <= 6.0.7.1.
nvd
CVE-2024-25935 | P3 | CRITICAL | CVSS 9.8 | fixed in 5.2.6.0 | ≥ n/a, ≤ 5.2.5.9 | 2024-04-11
CVE-2024-25935 [CRITICAL] CWE-862: Missing Authorization vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.2.5.9.
nvd
CVE-2020-9458 | P3 | HIGH | CVSS 8.8 | ≤ 4.6.0.3 | 2020-03-06
CVE-2020-9458 [HIGH] CWE-862: In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.
nvd
CVE-2020-8435 | P3 | HIGH | CVSS 8.1 | v4.6.0.0 | 2020-03-12
CVE-2020-8435 [HIGH] CWE-89: An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.
nvd
CVE-2026-32498 | P3 | HIGH | CVSS 7.5 | ≥ n/a, ≤ <= 6.0.7.6 | 2026-03-25
CVE-2026-32498 [HIGH] CWE-862: Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.
nvd
CVE-2023-51543 | P3 | HIGH | CVSS 7.5 | fixed in 5.2.5.1 | ≥ n/a, ≤ 5.2.5.0 | 2024-06-04
CVE-2023-51543 [HIGH] CWE-290: Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects RegistrationMagic: from n/a through 5.2.5.0.
nvd
CVE-2023-49831 | P3 | HIGH | CVSS 7.5 | fixed in 5.2.3.1 | ≤ 5.2.3.0 | 2024-12-09
CVE-2023-49831 [HIGH] CWE-862: Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from n/a through <= 5.2.3.0.
nvd
CVE-2023-23976 | P3 | HIGH | CVSS 7.5 | fixed in 5.1.9.3 | ≥ n/a, ≤ 5.1.9.2 | 2024-04-24
CVE-2023-23976 [HIGH] CWE-276: Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects RegistrationMagic: from n/a through 5.1.9.2.
nvd
CVE-2023-2548 | P3 | HIGH | CVSS 7.2 | ≤ 5.2.0.5 | 2023-05-16
CVE-2023-2548 [HIGH] CWE-639: The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers, with administrator-level permi
nvd
CVE-2023-50846 | P3 | HIGH | CVSS 7.2 | ≤ 5.2.4.5 | 2023-12-28
CVE-2023-50846 [HIGH] CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login. This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.5.
nvd