Metagauss Registrationmagic — known CVE vulnerabilities
Every CVE whose affected-product data names Metagauss Registrationmagic, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (34)
CVE-2024-10508 — CVSS 9.8 (critical): The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege…
CVE-2017-20208 — CVSS 9.8 (critical): The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP…
CVE-2023-2499 — CVSS 9.8 (critical): The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to…
CVE-2021-4073 — CVSS 9.8 (critical): The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if…
CVE-2020-9458 — CVSS 8.8 (high): In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal…
CVE-2020-9456 — CVSS 8.8 (high): In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal…
CVE-2020-9457 — CVSS 8.8 (high): The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom…
CVE-2024-1991 — CVSS 8.8 (high): The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to…
CVE-2020-9454 — CVSS 8.8 (high): A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a…
CVE-2024-1990 — CVSS 8.8 (high): The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind…
CVE-2020-8435 — CVSS 8.1 (high): An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form…
CVE-2023-50846 — CVSS 7.6 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic…
CVE-2023-23976 — CVSS 7.5 (high): Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by…
CVE-2022-0420 — CVSS 7.2 (high): The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL…
CVE-2021-24862 — CVSS 7.2 (high): The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a…
CVE-2025-24686 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic…
CVE-2023-51509 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic –…
CVE-2024-29113 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows…
CVE-2024-33947 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows…
CVE-2023-2548 — CVSS 6.6 (medium): The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5…
CVE-2020-8436 — CVSS 6.1 (medium): XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter.
CVE-2021-24648 — CVSS 6.1 (medium): The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in…
CVE-2024-39643 — CVSS 5.8 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms…
CVE-2023-23989 — CVSS 5.3 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This…
CVE-2023-51543 — CVSS 5.3 (medium): Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by…
CVE-2023-51544 — CVSS 5.3 (medium): Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects…
CVE-2024-9390 — CVSS 4.8 (medium): The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-2951 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through…
CVE-2024-43317 — CVSS 4.3 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration…
CVE-2023-47645 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration…
CVE-2024-25935 — CVSS 4.3 (medium): Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9.
CVE-2020-9455 — CVSS 4.3 (medium): The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary…