Browse all 4 CVE security advisories affecting RegistrationMagic. AI-powered Chinese analysis, POCs, and references for each vulnerability.
RegistrationMagic is a WordPress form builder plugin primarily used for creating custom registration and contact forms. Historically, it has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, often stemming from insufficient input validation and improper capability checks. The plugin's security record includes four CVEs, with some issues allowing unauthenticated attackers to execute arbitrary code or escalate privileges to administrator levels. These vulnerabilities typically arise from improper sanitization of user inputs and inadequate access controls, posing significant risks to websites that fail to maintain updated versions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-50846 | WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-89 | 7.6 | High | 2023-12-28 |
| CVE-2023-47645 | WordPress RegistrationMagic Plugin <= 5.2.2.6 is vulnerable to Cross Site Request Forgery (CSRF) — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User LoginCWE-352 | 4.3 | Medium | 2023-11-30 |
| CVE-2023-25991 | WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF) — RegistrationMagicCWE-352 | 5.4 | Medium | 2023-03-13 |
| CVE-2021-4073 | RegistrationMagic <= 5.0.1.7 Authentication Bypass — RegistrationMagicCWE-287 | 9.8 | Critical | 2021-12-14 |
This page lists every published CVE security advisory associated with RegistrationMagic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.