CVE-2025-13610

Name of the Vulnerable Software and Affected Versions RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress versions through 6.0.6.7

Description The RegistrationMagic plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping on the theme attribute within the plugin's 'RM Forms' shortcode. Authenticated attackers with contributor-level access or higher can inject malicious web scripts into pages. These scripts will then execute whenever a user accesses the compromised page.

Recommendations Update RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress to a version later than 6.0.6.7.