CVE-2025-11204 – This vulnerability allows SQL injection in the ... (How to Fix)

Q: What is the severity of CVE-2025-11204?

CVE-2025-11204 has a CVSS score of 7.2 (HIGH). This vulnerability allows SQL injection in the RegistrationMagic WordPress plugin due to insufficient input sanitization. Authenticated attackers with administrator privileges can extract sensitive database information, while unauthenticated attackers can achieve reflected cross-site scripting via user-agent manipulation. All WordPress sites using this plugin up to version 6.0.6.2 are affected.

📋 TL;DR

This vulnerability allows SQL injection in the RegistrationMagic WordPress plugin due to insufficient input sanitization. Authenticated attackers with administrator privileges can extract sensitive database information, while unauthenticated attackers can achieve reflected cross-site scripting via user-agent manipulation. All WordPress sites using this plugin up to version 6.0.6.2 are affected.

💻 Affected Systems

Products:

RegistrationMagic - Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress

Versions: All versions up to and including 6.0.6.2

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: WordPress sites with the RegistrationMagic plugin installed and active are vulnerable regardless of configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including user credentials, payment information, and sensitive form submissions leading to data breach and potential site takeover.

🟠

Likely Case

Unauthenticated attackers achieve reflected XSS to steal session cookies, while authenticated admins extract sensitive user data from the database.

🟢

If Mitigated

Limited impact with proper input validation and output encoding preventing successful exploitation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

SQL injection requires admin access, but reflected XSS via user-agent is unauthenticated. Exploitation is straightforward once the vulnerability is understood.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.0.6.3 or later

Vendor Advisory: https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find RegistrationMagic plugin. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 6.0.6.3+ from WordPress repository and manually update.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable the RegistrationMagic plugin until patched to prevent exploitation.

wp plugin deactivate custom-registration-form-builder-with-submission-manager

Web Application Firewall Rules

all

Implement WAF rules to block SQL injection and XSS patterns targeting RegistrationMagic endpoints.

🧯 If You Can't Patch

Remove the RegistrationMagic plugin completely if patching is not possible
Implement strict network segmentation and access controls to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for RegistrationMagic version. If version is 6.0.6.2 or lower, you are vulnerable.

Check Version:

wp plugin get custom-registration-form-builder-with-submission-manager --field=version

Verify Fix Applied:

Verify plugin version is 6.0.6.3 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries in WordPress or database logs
Multiple failed login attempts followed by admin access
Suspicious user-agent strings containing script tags

Network Indicators:

HTTP requests with SQL injection patterns to RegistrationMagic endpoints
Requests with malicious user-agent headers

SIEM Query:

source="wordpress.log" AND ("rm_reports_service" OR "RegistrationMagic") AND ("UNION" OR "SELECT" OR "script" OR "alert(")

📊 Metadata

CVE ID: CVE-2025-11204

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

EPSS Score: 0.12% exploit probability (31.8th percentile)

Published: October 8, 2025

Last Updated: October 8, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11204, you might also want to check these: