Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

RegistrationMagic — Vulnerabilities & Security Advisories 22

All 22 CVE vulnerabilities found in RegistrationMagic, with AI-generated Chinese analysis, references, and POCs.

This page details known weaknesses and vulnerabilities associated with the RegistrationMagic plugin developed by Sonaar Systems. It serves as a centralized resource for understanding the security landscape surrounding this specific WordPress extension used for form creation and user registration. The content aggregates security issues affecting RegistrationMagic, encompassing various weakness types such as cross-site scripting, SQL injection, and improper access control. This collection covers reported vulnerabilities from the plugin's inception through recent updates, reflecting the history of security advisories and patches issued by the vendor. By compiling these data points, the page aims to provide a comprehensive view of the product's security posture over time, allowing for a clearer assessment of its risk profile. Visitors to this page can track specific security advisories released by the Sonaar Systems vendor to stay informed about critical fixes. Users can also explore how different weakness classes have manifested within the codebase, helping developers and security auditors understand common pitfalls in similar implementations. Additionally, the resource allows for looking up the full vulnerability history of RegistrationMagic, offering insights into how past issues were resolved and whether recurring patterns exist. This information supports better decision-making for site administrators deciding whether to update, replace, or audit the plugin, ensuring a more secure and stable environment for user data and form submissions.

Vendor: RegistrationMagic

CVE IDTitleCVSSSeverityPublished
CVE-2026-49764 WordPress RegistrationMagic plugin <= 6.0.8.6 - Broken Authentication vulnerability CWE-288 9.8 Critical2026-06-15
CVE-2026-32498 WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability CWE-862 7.5 High2026-03-25
CVE-2026-24373 WordPress RegistrationMagic plugin <= 6.0.7.1 - Account Takeover vulnerability CWE-266 8.1 High2026-03-25
CVE-2026-32385 WordPress RegistrationMagic plugin <= 6.0.7.6 - Broken Access Control vulnerability CWE-862 5.4 Medium2026-03-13
CVE-2026-0929 RegistrationMagic < 6.0.7.2 - Subscriber+ Form Creation 4.3AIMediumAI2026-02-16
CVE-2025-15520 RegistrationMagic <= 6.0.7.2 - Subscriber+ Sensitive Data Disclosure 6.5AIMediumAI2026-02-13
CVE-2026-24374 WordPress RegistrationMagic plugin <= 6.0.6.9 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 5.4 Medium2026-01-22
CVE-2024-9390 RegistrationMagic < 6.0.2.1 - Stored XSS 4.8AIMediumAI2025-05-15
CVE-2025-24686 WordPress RegistrationMagic Plugin <= 6.0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2025-01-31
CVE-2023-49831 WordPress RegistrationMagic plugin <= 5.2.3.0 - Broken Access Control vulnerability CWE-862 7.5 High2024-12-09
CVE-2024-43317 WordPress RegistrationMagic plugin <= 6.0.1.0 - Cross Site Scripting (XSS) vulnerability CWE-79 4.3 Medium2024-08-19
CVE-2024-39643 WordPress RegistrationMagic plugin <= 6.0.0.1 - Cross Site Scripting (XSS) vulnerability CWE-79 5.8 Medium2024-08-01
CVE-2023-51544 WordPress RegistrationMagic plugin <= 5.2.5.0 - Form Submission Limit Bypass vulnerability CWE-799 5.3 Medium2024-06-04
CVE-2023-51543 WordPress RegistrationMagic plugin <= 5.2.5.0 - IP Limit Bypass vulnerability CWE-290 5.3 Medium2024-06-04
CVE-2024-33947 WordPress RegistrationMagic plugin <= 5.3.2.0 - Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-05-03
CVE-2023-23989 WordPress RegistrationMagic plugin <= 5.1.9.2 - Content Injection CWE-79 5.3 Medium2024-04-24
CVE-2023-23976 WordPress RegistrationMagic plugin <= 5.1.9.2 - Arbitrary Price Change CWE-276 7.5 High2024-04-24
CVE-2024-2951 WordPress RegistrationMagic plugin <= 5.3.0.0 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 4.3 Medium2024-03-26
CVE-2024-25935 WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability CWE-862 4.3 Medium2024-03-21
CVE-2024-29113 WordPress RegistrationMagic plugin <= 5.2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-03-19
CVE-2023-25991 WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352 5.4 Medium2023-03-13
CVE-2021-4073 RegistrationMagic <= 5.0.1.7 Authentication Bypass CWE-287 9.8 Critical2021-12-14

All 22 known CVE vulnerabilities affecting RegistrationMagic with full Chinese analysis, references, and POCs where available.