PT-2025-41223 · WordPress · Registrationmagic

Ifoundbug · Published 2025-10-08 · Updated 2025-10-13 · CVE-2025-11204

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress versions through 6.0.6.2

Description

The RegistrationMagic plugin for WordPress is susceptible to SQL Injection due to inadequate input sanitization and query preparation. This allows authenticated attackers with administrator privileges or higher to inject additional SQL queries, potentially extracting sensitive database information. Additionally, an unauthenticated attacker can leverage a Reflected Cross-Site Scripting attack via the user-agent during form submission. The vulnerable parameter is not explicitly specified.

Recommendations

Update RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress to a version later than 6.0.6.2.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-11204

Affected Products

Registrationmagic