CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Metagauss: >> Registrationmagic >> 6.0.2.6 Security Vulnerabilities

CVE-2025-24686

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss User Registration Forms RegistrationMagic allows Reflected XSS. This issue affects RegistrationMagic: from n/a through 6.0.3.3.

CVSS Score

7.1

EPSS Score

0.001

Published

2025-01-31

CVE-2024-10508

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts.

CVSS Score

9.8

EPSS Score

0.119

Published

2024-11-09

Page 1

Vulnerabilities

Vulnerable Software

Metagauss: >> Registrationmagic >> 6.0.2.6 Security Vulnerabilities

Products

Pricing

Contact Us