RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login — Vulnerabilities & Security Advisories (15)

All 15 CVE vulnerabilities found in RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login, with AI-generated Chinese analysis, references, and POCs.

This page catalogs security vulnerabilities and weaknesses affecting the RegistrationMagic product, a WordPress plugin by VendorPress that provides custom registration forms, user registration, payment processing, and user login capabilities. The collection focuses on known security flaws, including potential injection attacks, cross-site scripting issues, authorization bypasses, and improper access controls that have been publicly disclosed or identified in the wild. The entries cover reported vulnerabilities from the plugin's early releases up to the most recent updates, ensuring a comprehensive historical view of its security posture. Visitors to this resource can track VendorPress's advisory history to understand how quickly and effectively they respond to reported issues, thereby assessing the overall maturity of their security development lifecycle. Additionally, users can explore specific vulnerability classes to understand the technical details and potential impact of each flaw on site integrity and user data privacy. The page also allows for looking up the complete vulnerability history of RegistrationMagic to identify patterns, such as recurring types of bugs or specific versions that were particularly insecure, which aids in risk assessment and mitigation planning. By aggregating this information, the page serves as a central hub for security professionals and site administrators to make informed decisions about plugin usage, updates, and defensive configurations, ultimately contributing to a safer WordPress ecosystem by highlighting the specific risks associated with this popular registration and payment tool.

Vendor: metagauss

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-14444 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment | CWE-345 | 5.3 | Medium | 2026-02-18 |
| CVE-2026-1054 | RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification | CWE-862 | 5.3 | Medium | 2026-01-28 |
| CVE-2025-15403 | RegistrationMagic <= 6.0.7.1 - Unauthenticated Privilege Escalation via admin_order | CWE-269 | 9.8 | Critical | 2026-01-17 |
| CVE-2025-13610 | RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode | CWE-79 | 6.4 | Medium | 2025-12-15 |
| CVE-2017-20208 | RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection | CWE-502 | 9.8 | Critical | 2025-10-18 |
| CVE-2025-11204 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection | CWE-89 | 7.2 | High | 2025-10-08 |
| CVE-2025-2836 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting | CWE-79 | 6.4 | Medium | 2025-04-04 |
| CVE-2024-10508 | RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery | CWE-230 | 9.8 | Critical | 2024-11-09 |
| CVE-2024-1991 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation | CWE-862 | 8.8 | High | 2024-04-09 |
| CVE-2024-1990 | RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode | CWE-89 | 8.8 | High | 2024-04-09 |
| CVE-2023-51509 | WordPress RegistrationMagic Plugin <= 5.2.4.1 is vulnerable to Cross Site Scripting (XSS) | CWE-79 | 7.1 | High | 2024-02-01 |
| CVE-2023-50846 | WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection | CWE-89 | 7.6 | High | 2023-12-28 |
| CVE-2023-47645 | WordPress RegistrationMagic Plugin <= 5.2.2.6 is vulnerable to Cross Site Request Forgery (CSRF) | CWE-352 | 4.3 | Medium | 2023-11-30 |
| CVE-2023-2548 | RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change | CWE-639 | 6.6 | Medium | 2023-05-16 |
| CVE-2023-2499 | RegistrationMagic <= 5.2.1.0 - Authentication Bypass | CWE-288 | 9.8 | Critical | 2023-05-16 |

All 15 known CVE vulnerabilities affecting RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login with full Chinese analysis, references, and POCs where available.