CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25935 – WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-25935
Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9. Vulnerabilidad de autorización faltante en Metagauss RegistrationMagic. Este problema afecta a RegistrationMagic: desde n/a hasta 5.2.5.9. The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5.9. This is due to missing or incorrect nonce validation on the rm_options_default_payment_method() function. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-9-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51544 – WordPress RegistrationMagic plugin <= 5.2.5.0 - Form Submission Limit Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-51544
Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse.This issue affects RegistrationMagic: from n/a through 5.2.5.0. La vulnerabilidad de control inadecuado de la frecuencia de interacción en Metagauss RegistrationMagic permite un uso indebido de la funcionalidad. Este problema afecta a RegistrationMagic: desde n/a hasta 5.2.5.0. The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to form submission limit bypass in all versions up to, and including, 5.2.5.0 due to insufficient protection logic. This makes it possible for unauthenticated attackers to submit more form entries than the form submission limit allows. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-0-form-submission-limit-bypass-vulnerability?_s_id=cve • CWE-693: Protection Mechanism Failure CWE-799: Improper Control of Interaction Frequency •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51543 – WordPress RegistrationMagic plugin <= 5.2.5.0 - IP Limit Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-51543
Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.2.5.0. Vulnerabilidad de omisión de autenticación mediante suplantación de identidad en Metagauss RegistrationMagic permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a RegistrationMagic: desde n/a hasta 5.2.5.0. The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 5.2.5.0 due to use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to submit more form entries than the form submission limit allows. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-0-ip-limit-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-693: Protection Mechanism Failure •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-49831 – RegistrationMagic <= 5.2.3.0 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-49831
The RegistrationMagic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_user_profile() function in versions up to, and including, 5.2.3.0. This makes it possible for unauthenticated attackers to update other user's profiles. • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23989 – WordPress RegistrationMagic plugin <= 5.1.9.2 - Content Injection
https://notcve.org/view.php?id=CVE-2023-23989
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.1.9.2. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Metagauss RegistrationMagic. Este problema afecta a RegistrationMagic: desde n/a hasta 5.1.9.2. The RegistrationMagic plugin for WordPress is vulnerable to content injection in versions up to, and including, 5.1.9.2. This is due to insufficient authorization checks. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-custom-registration-forms-user-registration-and-user-login-plugin-plugin-5-1-9-2-content-injection?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-862: Missing Authorization •