Home

Description

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive) via deserialization of untrusted input from the is_expired_by_date() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to fetch a remote file and install it on the site.

PUBLISHED Reserved 2025-10-17 | Published 2025-10-18 | Updated 2025-10-18 | Assigner Wordfence




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Default status
unaffected

* before 3.7.9.3
affected

Timeline

2017-10-02:Disclosed

Credits

Brad Haas finder

References

www.wordfence.com/...-f8fc-4ea2-8973-fe292cfb926b?source=cve

www.wordfence.com/...-plugin-vulnerabilities-exploited-wild/

plugins.trac.wordpress.org/...uilder-with-submission-manager

cve.org (CVE-2017-20208)

nvd.nist.gov (CVE-2017-20208)

Download JSON