Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login, with AI-generated Chinese analysis, references, and POCs.

This page details the vulnerability aggregation for the RegistrationMagic product, focusing on custom registration forms, user registration, payment processing, and user login functionalities. It compiles a comprehensive collection of security weaknesses identified within this WordPress plugin ecosystem, covering reported incidents and advisories from its inception up to the current date. By browsing this resource, users can effectively track vendor advisories related to specific updates or patches, gain a deeper understanding of prevalent weakness classes such as cross-site scripting, SQL injection, or authorization bypasses often found in form handling plugins, and look up a product's vulnerability history to assess its long-term security posture. The information presented here serves as a neutral reference for security researchers, developers, and administrators who need to evaluate the risks associated with using RegistrationMagic in their web applications. Each entry provides context regarding the severity and impact of the flaws, helping stakeholders make informed decisions about plugin usage, configuration, or potential migration strategies. The focus remains strictly on factual reporting of known issues without speculative commentary or promotional content. This structured overview aims to improve transparency in the open-source WordPress plugin market by clearly documenting past security lapses and their resolutions. Users interested in maintaining a secure environment should review these historical data points alongside current compliance standards and best practices for securing user data in registration and payment workflows.

Vendor: metagauss

CVE IDTitleCVSSSeverityPublished
CVE-2026-12158 RegistrationMagic <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation via 'rmc_assign_user_role_action' Parameter CWE-352 8.8 High2026-07-01
CVE-2026-9242 RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request CWE-345 5.3 Medium2026-06-27
CVE-2025-14444 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment CWE-345 5.3 Medium2026-02-18
CVE-2026-1054 RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification CWE-862 5.3 Medium2026-01-28
CVE-2025-15403 RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order CWE-269 9.8 Critical2026-01-17
CVE-2025-13610 RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode CWE-79 6.4 Medium2025-12-15
CVE-2017-20208 RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection CWE-502 9.8 Critical2025-10-18
CVE-2025-11204 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection CWE-89 7.2 High2025-10-08
CVE-2025-2836 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting CWE-79 6.4 Medium2025-04-04
CVE-2024-10508 RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery CWE-230 9.8 Critical2024-11-09
CVE-2024-1991 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation CWE-862 8.8 High2024-04-09
CVE-2024-1990 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode CWE-89 8.8 High2024-04-09
CVE-2023-51509 WordPress RegistrationMagic Plugin <= 5.2.4.1 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 High2024-02-01
CVE-2023-50846 WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection CWE-89 7.6 High2023-12-28
CVE-2023-47645 WordPress RegistrationMagic Plugin <= 5.2.2.6 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352 4.3 Medium2023-11-30
CVE-2023-2548 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change CWE-639 6.6 Medium2023-05-16
CVE-2023-2499 RegistrationMagic <= 5.2.1.0 - Authentication Bypass CWE-288 9.8 Critical2023-05-16

All 17 known CVE vulnerabilities affecting RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login with full Chinese analysis, references, and POCs where available.