Description
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and including, 6.0.6.9. This is due to the plugin trusting client-supplied values for payment verification without validating that the payment actually went through PayPal. This makes it possible for unauthenticated attackers to bypass paid registration by manipulating payment status and activating their account without completing a real PayPal payment.
Published: 2026-02-18
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Payment Bypass
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the RegistrationMagic plugin’s process_paypal_sdk_payment function, where client‑supplied payment data is accepted without verification against PayPal’s records. Because the payment status is not validated on the server side, an attacker can forge the transaction parameters and complete a registration without actually completing a PayPal payment. This flaw is classified as CWE‑345 and represents a failure to ensure the authenticity of payment information, leading to a full compromise of the paid‑registration workflow.

Affected Systems

All WordPress sites running the RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin in versions 6.0.6.7 through 6.0.6.9 are affected. The plugin is distributed by metagauss and is widely deployed for custom registration and payment handling in WordPress environments. Sites that expose the process_paypal_sdk_payment endpoint to anonymous users are at direct risk.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. The EPSS score of less than 1% suggests that exploitation attempts are currently rare, and the vulnerability is not listed in CISA’s KEV catalog. However, the likely attack vector is an unauthenticated HTTP request to the process_paypal_sdk_payment endpoint, where an attacker supplies forged payment parameters. If successful, the attacker can gain access to paid registration features without authorizing a real PayPal transaction, fully undermining the site’s payment integrity.

Generated by OpenCVE AI on April 27, 2026 at 21:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the RegistrationMagic plugin to a version newer than 6.0.6.9 that implements proper server‑side verification of PayPal payment status.
  • Configure the web application to require confirmation from the PayPal API before accepting any payment status; reject requests that lack a verified PayPal transaction.
  • If an immediate upgrade is not possible, add a layer of authentication or a unique validation token to the payment processing endpoint, and monitor activity logs for anomalous registration attempts.
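The server-side confirmation the recommended actions call for, as an added example that is not RegistrationMagic's own code: a WordPress AJAX handler that accepts a PayPal order only after looking it up through PayPal's Orders v2 API with credentials held on the server, so the client-supplied status the advisory describes is never consulted. The rm_demo_* function, option and action names, the 25.00 USD price and the live API base are assumptions; the PayPal endpoints and WordPress HTTP helpers are real.

```php
<?php
// Added illustration, not RegistrationMagic's code: the plugin's real handler, option keys
// and AJAX action names are not on the page, so every rm_demo_* name is assumed.

// OAuth token from PayPal, obtained with credentials that never leave the server.
function rm_demo_paypal_token( $client_id, $secret, $api_base ) {
    $resp = wp_remote_post( $api_base . '/v1/oauth2/token', array(
        'headers' => array( 'Authorization' => 'Basic ' . base64_encode( $client_id . ':' . $secret ) ),
        'body'    => array( 'grant_type' => 'client_credentials' ),
    ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        return null;
    }
    return json_decode( wp_remote_retrieve_body( $resp ), true )['access_token'] ?? null;
}
// Look the order up at PayPal (Orders v2 API) and accept it only if PayPal itself reports
// it COMPLETED for the currency and amount this form actually charges.
function rm_demo_verify_paypal_order( $order_id, $expected_amount, $expected_currency, $token, $api_base ) {
    if ( ! is_string( $order_id ) || ! preg_match( '/^[A-Z0-9]{10,32}$/', $order_id ) ) {
        return false; // malformed id: rejected locally, no network call
    }
    $resp = wp_remote_get( $api_base . '/v2/checkout/orders/' . rawurlencode( $order_id ), array(
        'headers' => array( 'Authorization' => 'Bearer ' . $token ),
    ) );
    if ( is_wp_error( $resp ) || 200 !== wp_remote_retrieve_response_code( $resp ) ) {
        return false;
    }
    $order  = json_decode( wp_remote_retrieve_body( $resp ), true );
    $amount = $order['purchase_units'][0]['amount'] ?? array();
    // Status, currency and value come from PayPal's record of the order, never from $_POST.
    return ( $order['status'] ?? '' ) === 'COMPLETED'
        && ( $amount['currency_code'] ?? '' ) === $expected_currency
        && isset( $amount['value'] )
        && abs( (float) $amount['value'] - (float) $expected_amount ) < 0.005;
}
// Endpoint wiring (assumed names): the account is activated only after the check above passes,
// and each accepted order id is recorded so one payment cannot activate a second account.
add_action( 'wp_ajax_nopriv_rm_demo_paypal_complete', function () {
    $order_id = isset( $_POST['order_id'] ) ? sanitize_text_field( wp_unslash( $_POST['order_id'] ) ) : '';
    if ( '' === $order_id || get_option( 'rm_demo_used_order_' . $order_id ) ) {
        wp_send_json_error( 'missing or already-used order id', 409 );
    }
    $api   = 'https://api-m.paypal.com';
    $token = rm_demo_paypal_token( get_option( 'rm_demo_paypal_client_id' ), get_option( 'rm_demo_paypal_secret' ), $api );
    if ( ! $token || ! rm_demo_verify_paypal_order( $order_id, '25.00', 'USD', $token, $api ) ) {
        wp_send_json_error( 'payment not verified by PayPal', 402 );
    }
    update_option( 'rm_demo_used_order_' . $order_id, time(), false );
    wp_send_json_success( 'payment verified; activate the pending account here' );
} );
```

The recorded order id is what stops one completed order from being replayed to activate further accounts; in a real deployment the price and currency would come from the form's configuration rather than constants.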

Advisories

No advisories yet.

History

Thu, 19 Feb 2026 10:30:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Metagauss
                                      Metagauss registrationmagic – Custom Registration Forms, User Registration, Payment, And User Login
                                      Wordpress
                                      Wordpress wordpress
Vendors & Products                    Metagauss
                                      Metagauss registrationmagic – Custom Registration Forms, User Registration, Payment, And User Login
                                      Wordpress
                                      Wordpress wordpress

Wed, 18 Feb 2026 13:15:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Feb 2026 10:30:00 +0000

Type                 Values Removed   Values Added
Description                           The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to payment bypass due to insufficient verification of data authenticity on the 'process_paypal_sdk_payment' function in all versions up to, and including, 6.0.6.9. This is due to the plugin trusting client-supplied values for payment verification without validating that the payment actually went through PayPal. This makes it possible for unauthenticated attackers to bypass paid registration by manipulating payment status and activating their account without completing a real PayPal payment.
Title                                 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment
Weaknesses                            CWE-345
References
Metrics                               cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:33:38.934Z

Reserved: 2025-12-10T13:27:01.938Z

Link: CVE-2025-14444

Vulnrichment

Updated: 2026-02-18T12:26:19.889Z

NVD

Status: Deferred

Published: 2026-02-18T11:16:30.453

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-14444

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T21:15:05Z

Weaknesses