CVEDB API

Vulnerabilities

Vulnerable Software

Metagauss: >> Registrationmagic Security Vulnerabilities

CVE-2024-9390

The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS Score

4.8

EPSS Score

0.0

Published

2025-05-15

CVE-2025-24686

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss User Registration Forms RegistrationMagic allows Reflected XSS. This issue affects RegistrationMagic: from n/a through 6.0.3.3.

CVSS Score

7.1

EPSS Score

0.001

Published

2025-01-31

CVE-2023-49831

Missing Authorization vulnerability in Metagauss User Registration Forms RegistrationMagic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through 5.2.3.0.

CVSS Score

7.5

EPSS Score

0.001

Published

2024-12-09

CVE-2024-10508

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.

CVSS Score

9.8

EPSS Score

0.05

Published

2024-11-09

CVE-2024-43317

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS).This issue affects RegistrationMagic: from n/a through 6.0.1.0.

CVSS Score

4.3

EPSS Score

0.001

Published

2024-08-19

CVE-2024-39643

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RegistrationMagic Forms RegistrationMagic allows Stored XSS.This issue affects RegistrationMagic: from n/a through 6.0.0.1.

CVSS Score

5.8

EPSS Score

0.001

Published

2024-08-01

CVE-2023-51543

Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.2.5.0.

CVSS Score

5.3

EPSS Score

0.001

Published

2024-06-04

CVE-2023-51544

Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0.

CVSS Score

5.3

EPSS Score

0.001

Published

2024-06-04

CVE-2024-33947

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.3.2.0.

CVSS Score

7.1

EPSS Score

0.001

Published

2024-05-03

CVE-2023-23989

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2.

CVSS Score

5.3

EPSS Score

0.001

Published

2024-04-24

Page 1

Vulnerabilities

Vulnerable Software

Metagauss: >> Registrationmagic Security Vulnerabilities

Products

Pricing

Contact Us