Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metagauss registrationmagic vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-2499
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthentic...
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2023-47645
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Regi...
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2023-25991
Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions.
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2020-9456
In the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2020-9458
In the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2020-9454
A CSRF vulnerability in the RegistrationMagic plugin up to and including 4.6.0.3 for WordPress allows remote malicious users to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated priv...
Metagauss Registrationmagic
8.8
CVSSv3
CVE-2020-9457
The RegistrationMagic plugin up to and including 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
Metagauss Registrationmagic
8.1
CVSSv3
CVE-2021-4073
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plug...
Metagauss Registrationmagic
8.1
CVSSv3
CVE-2020-8435
An issue exists in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.
Metagauss Registrationmagic 4.6.0.0
7.2
CVSSv3
CVE-2023-50846
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login.This issue affects RegistrationMagic – Custom Re...
Metagauss Registrationmagic
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »