WP-Safety

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login Security & Risk Analysis

wordpress.org/plugins/custom-registration-form-builder-with-submission-manager

Create customized user registration forms, accept payments, track submissions, manage users, analyze stats, assign user roles and more!

9K active installs v6.0.7.9 PHP 7.2+ WP 5.2.0+ Updated Mar 7, 2026
event-registrationpayment-formregistrationuser-registrationwoocommerce-registration-form
76
B · Generally Safe
CVEs total44
Unpatched0
Last CVEFeb 17, 2026
Plugin page Download
Safety Verdict

Is RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login Safe to Use in 2026?

Mostly Safe

Score 76/100

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login is generally safe to use. 44 past CVEs were resolved. Keep it updated.

44 known CVEsLast CVE: Feb 17, 2026Updated 27d ago
Risk Assessment

The "custom-registration-form-builder-with-submission-manager" plugin exhibits a concerning security posture, primarily due to a vast attack surface with a significant number of unprotected AJAX handlers. The static analysis reveals 111 AJAX handlers without authentication checks, representing a critical entry point for potential exploits. While the code demonstrates some good practices, such as a high percentage of prepared SQL statements and properly escaped output, these are overshadowed by the sheer volume of unprotected functionality. The presence of the dangerous `unserialize` function further exacerbates these concerns, as it can be a vector for deserialization vulnerabilities if not handled with extreme care and proper input validation.

The plugin's vulnerability history is alarming, with a substantial total of 44 known CVEs, including a significant number of critical and high-severity issues. The common vulnerability types listed, such as SQL Injection, Cross-site Scripting, Missing Authorization, and Authentication Bypass, indicate recurring patterns of insecure coding practices. The fact that there are currently no unpatched vulnerabilities is a positive, but the extensive history suggests a pattern of introducing security flaws that require patching. The last vulnerability reported in 2026 suggests potential for future undiscovered issues.

In conclusion, while the plugin shows some strengths in database query security and output escaping, the overwhelming number of unprotected AJAX endpoints, the presence of dangerous functions like `unserialize`, and the extensive history of critical vulnerabilities paint a picture of a plugin that requires significant attention to security. Users should proceed with extreme caution.

Key Concerns

  • Large attack surface without auth (AJAX)
  • Dangerous function 'unserialize' detected
  • High number of CVEs (44 total)
  • Critical severity CVEs in history (7)
  • High severity CVEs in history (10)
  • Critical severity taint flows (2)
  • Unsanitized paths in taint flows (13)
  • SQL queries without prepared statements (33%)
  • Bundled library (TinyMCE, Select2) potential risk
Vulnerabilities
44

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login Security Vulnerabilities

CVEs by Year

3 CVEs in 2017
2017
7 CVEs in 2020
2020
2 CVEs in 2021
2021
2 CVEs in 2022
2022
11 CVEs in 2023
2023
9 CVEs in 2024
2024
5 CVEs in 2025
2025
5 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
7
High
10
Medium
27

44 total CVEs

CVE-2025-14444medium · 5.3Insufficient Verification of Data Authenticity

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.9 - Unauthenticated Payment Bypass via rm_process_paypal_sdk_payment

Feb 17, 2026 Patched in 6.0.7.0 (1d)
CVE-2026-0929medium · 4.3Missing Authorization

RegistrationMagic < 6.0.7.2 - Missing Authorization

Feb 16, 2026 Patched in 6.0.7.2 (9d)
CVE-2026-1054medium · 5.3Missing Authorization

RegistrationMagic <= 6.0.7.4 - Missing Authorization to Unauthenticated Arbitrary Settings Modification

Jan 27, 2026 Patched in 6.0.7.5 (1d)
CVE-2025-15403critical · 9.8Improper Privilege Management

RegistrationMagic <= 6.0.7.1 - Privilege Escalation via admin_order

Jan 16, 2026 Patched in 6.0.7.2 (10d)
CVE-2026-24374medium · 4.3Cross-Site Request Forgery (CSRF)

RegistrationMagic <= 6.0.6.9 - Cross-Site Request Forgery

Jan 10, 2026 Patched in 6.0.7.0 (25d)
CVE-2025-13610medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode

Dec 15, 2025 Patched in 6.0.6.8 (1d)
CVE-2025-11204high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.6.2 - Authenticated (Administrator+) SQL Injection

Oct 7, 2025 Patched in 6.0.6.3 (1d)
CVE-2025-2836medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Apr 2, 2025 Patched in 6.0.4.4 (2d)
CVE-2024-9390medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 3, 2025 Patched in 6.0.2.1 (89d)
CVE-2025-24686medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 6.0.3.3 - Reflected Cross-Site Scripting

Jan 28, 2025 Patched in 6.0.3.4 (28d)
CVE-2024-10508critical · 9.8Improper Handling of Missing Values

RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery

Nov 8, 2024 Patched in 6.0.2.7 (1d)
CVE-2024-43317high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RegistrationMagic <= 6.0.1.0 - Unauthenticated Stored Cross-Site Scripting

Aug 16, 2024 Patched in 6.0.1.1 (4d)
CVE-2024-39643high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RegistrationMagic <= 6.0.0.1 - Unauthenticated Stored Cross-Site Scripting

Aug 1, 2024 Patched in 6.0.0.2 (7d)
CVE-2024-33947medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RegistrationMagic <= 5.3.2.0 - Reflected Cross-Site Scripting

Apr 30, 2024 Patched in 5.3.2.1 (8d)
CVE-2024-1990high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode

Mar 26, 2024 Patched in 5.3.2.0 (15d)
CVE-2024-2951medium · 4.3Cross-Site Request Forgery (CSRF)

RegistrationMagic <= 5.3.0.0 - Cross-Site Request Forgery

Mar 26, 2024 Patched in 5.3.1.0 (7d)
CVE-2024-29113medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RegistrationMagic <= 5.2.5.9 - Reflected Cross-Site Scripting

Mar 16, 2024 Patched in 5.2.6.0 (5d)
CVE-2024-1991high · 8.8Missing Authorization

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation

Mar 14, 2024 Patched in 5.3.1.0 (27d)
CVE-2024-25935medium · 4.3Cross-Site Request Forgery (CSRF)

RegistrationMagic <= 5.2.5.9 - Cross-Site Request Forgery

Feb 20, 2024 Patched in 5.2.6.0 (78d)
CVE-2023-51543medium · 5.3Protection Mechanism Failure

RegistrationMagic <= 5.2.5.0 - IP Spoofing

Dec 27, 2023 Patched in 5.2.5.1 (27d)
CVE-2023-51544medium · 5.3Protection Mechanism Failure

RegistrationMagic <= 5.2.5.0 - Form Submission Limit Bypass

Dec 27, 2023 Patched in 5.2.5.1 (27d)
CVE-2023-50846medium · 6.6Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

RegistrationMagic Plugin <= 5.2.4.5 - Authenticated(Administrator+) SQL Injection

Dec 21, 2023 Patched in 5.2.4.6 (33d)
CVE-2023-49831medium · 5.3Missing Authorization

RegistrationMagic <= 5.2.3.0 - Missing Authorization

Dec 5, 2023 Patched in 5.2.3.1 (49d)
CVE-2023-47645medium · 4.3Cross-Site Request Forgery (CSRF)

RegistrationMagic <= 5.2.2.6 - Cross-Site Request Forgery

Nov 27, 2023 Patched in 5.2.3.0 (57d)
CVE-2023-51509medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RegistrationMagic <= 5.2.4.1 - Reflected Cross-Site Scripting via section_id

Oct 7, 2023 Patched in 5.2.4.2 (108d)
CVE-2023-2499critical · 9.8Authentication Bypass Using an Alternate Path or Channel

RegistrationMagic <= 5.2.1.0 - Authentication Bypass

May 15, 2023 Patched in 5.2.1.1 (253d)
CVE-2023-2548medium · 6.6Authorization Bypass Through User-Controlled Key

RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change

May 12, 2023 Patched in 5.2.1.0 (256d)
CVE-2023-25991medium · 5.4Cross-Site Request Forgery (CSRF)

RegistrationMagic <= 5.1.9.2 - Cross-Site Request Forgery leading to Form Metadata Deletion

Feb 17, 2023 Patched in 5.1.9.3 (340d)
CVE-2023-23989medium · 5.3Missing Authorization

RegistrationMagic <= 5.1.9.2 - Missing Authorization to Unauthenticated Content Injection

Jan 20, 2023 Patched in 5.1.9.3 (368d)
CVE-2023-23976medium · 5.3Improper Authorization

RegistrationMagic <= 5.1.9.2 - Improper Authorization to Price Change

Jan 20, 2023 Patched in 5.1.9.3 (368d)
CVE-2022-0420high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

RegistrationMagic <= 5.0.2.1 - SQL Injection

Feb 7, 2022 Patched in 5.0.2.2 (715d)
CVE-2021-24862high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

RegistrationMagic <= 5.0.1.5 - SQL Injection

Jan 23, 2022 Patched in 5.0.1.6 (730d)
CVE-2021-24648medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Registration Magic <= 5.0.1.8 - Reflected Cross-Site Scripting

Dec 28, 2021 Patched in 5.0.1.9 (756d)
CVE-2021-4073critical · 9.8Improper Authentication

RegistrationMagic <= 5.0.1.7 - Authentication Bypass

Dec 8, 2021 Patched in 5.0.1.8 (776d)
CVE-2020-9454high · 8Cross-Site Request Forgery (CSRF)

RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Cross-Site Request Forgery to Settings Modification

Mar 5, 2020 Patched in 4.6.0.4 (1419d)
CVE-2020-9456critical · 9.9Missing Authorization

RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Privilege Escalation

Mar 5, 2020 Patched in 4.6.0.4 (1419d)
CVE-2020-9458medium · 4.3Missing Authorization

RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Settings and User Data Export

Mar 5, 2020 Patched in 4.6.0.4 (1419d)
CVE-2020-9455medium · 4.3Missing Authorization

RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Email Injection

Mar 5, 2020 Patched in 4.6.0.4 (1419d)
CVE-2020-9457critical · 9.9Missing Authorization

RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Settings Import to Privilege Escalation

Mar 5, 2020 Patched in 4.6.0.4 (1419d)
CVE-2020-8435high · 8.1Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

RegistrationMagic - Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.2 - SQL Injection

Feb 13, 2020 Patched in 4.6.0.3 (1440d)
CVE-2020-8436medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.1 - Cross-Site Scripting

Jan 30, 2020 Patched in 4.6.0.3 (1454d)
WF-6f6883e4-3de6-4ca9-a26c-0b4f3bd5b70f-custom-registration-form-builder-with-submission-managermedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

RegistrationMagic - Custom Registration Forms <= 3.7.9.4 - Reflected Cross-Site Scripting

Dec 10, 2017 Patched in 3.8.0.9 (2235d)
WF-6fde9239-edac-4f85-be12-80825595a332-custom-registration-form-builder-with-submission-managerhigh · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - SQL Injection

Dec 10, 2017 Patched in 3.8.0.9 (2235d)
CVE-2017-20208critical · 9.8Deserialization of Untrusted Data

RegistrationMagic - Custom Registration Forms <= 3.7.9.2 - PHP Object Injection

Oct 2, 2017 Patched in 3.7.9.3 (2938d)
Code Analysis
Analyzed Mar 16, 2026

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login Code Analysis

Dangerous Functions
8
Raw SQL Queries
167
337 prepared
Unescaped Output
686
5532 escaped
Nonce Checks
94
Capability Checks
374
File Operations
17
External Requests
6
Bundled Libraries
2

Dangerous Functions Found

unserialize$bill_products = unserialize($payment->bill);admin\views\template_rm_payments_manager.php:142
unserialize$bill = unserialize($data->payment->bill);admin\views\template_rm_payments_view.php:42
unserialize$similar_bill = unserialize($latest_payment->bill);admin\views\template_rm_payments_view.php:294
unserialize$other_bill = unserialize($user_payment->bill);admin\views\template_rm_payments_view.php:350
unserialize$submission_data = unserialize($related_sub->data);includes\class_registration_magic.php:316
unserialize$payment_data = unserialize($payment_detail->log);includes\class_registration_magic.php:381
unserialize$form_data = unserialize($related_sub->data);includes\class_registration_magic.php:529
unserialize$old_field_ids = @unserialize(trim((string)$attr_value));services\class_rm_services.php:606

Bundled Libraries

TinyMCESelect2

SQL Query Safety

67% prepared504 total queries

Output Escaping

89% escaped6218 total outputs
Data Flows
13 unsanitized

Data Flow Analysis

25 flows13 with unsanitized paths
admin_upsell_notices (admin\class_rm_admin.php:2115)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
111 unprotected

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login Attack Surface

Entry Points122
Unprotected111

AJAX Handlers 111

authwp_ajax_rm_sort_form_fieldsincludes\class_registration_magic.php:158
authwp_ajax_rm_sort_form_rowsincludes\class_registration_magic.php:159
authwp_ajax_rm_sort_form_row_columnincludes\class_registration_magic.php:160
authwp_ajax_rm_get_statsincludes\class_registration_magic.php:161
authwp_ajax_rm_test_smtp_configincludes\class_registration_magic.php:165
authwp_ajax_rm_test_wordpress_default_mailincludes\class_registration_magic.php:166
authwp_ajax_rm_fb_subscribe_actionincludes\class_registration_magic.php:167
authwp_ajax_rm_get_fieldsincludes\class_registration_magic.php:168
authwp_ajax_rm_save_form_view_settincludes\class_registration_magic.php:169
authwp_ajax_review_banner_handlerincludes\class_registration_magic.php:170
authwp_ajax_newsletter_sub_handlerincludes\class_registration_magic.php:171
authwp_ajax_set_default_formincludes\class_registration_magic.php:172
authwp_ajax_unset_default_formincludes\class_registration_magic.php:173
authwp_ajax_rm_activate_userincludes\class_registration_magic.php:174
noprivwp_ajax_rm_activate_userincludes\class_registration_magic.php:175
authwp_ajax_import_firstincludes\class_registration_magic.php:176
authwp_ajax_rm_save_fab_settingsincludes\class_registration_magic.php:182
authwp_ajax_rm_admin_js_dataincludes\class_registration_magic.php:184
noprivwp_ajax_rm_login_social_userincludes\class_registration_magic.php:185
authwp_ajax_rm_add_default_formincludes\class_registration_magic.php:186
authwp_ajax_send_email_user_viewincludes\class_registration_magic.php:187
authwp_ajax_joyride_tour_updateincludes\class_registration_magic.php:188
authwp_ajax_remove_queueincludes\class_registration_magic.php:189
authwp_ajax_rm_one_time_action_updateincludes\class_registration_magic.php:192
authwp_ajax_rm_admin_upload_templateincludes\class_registration_magic.php:193
authwp_ajax_rm_update_submit_fieldincludes\class_registration_magic.php:194
authwp_ajax_rm_update_welcome_modal_optionincludes\class_registration_magic.php:195
authwp_ajax_rm_fcm_update_formincludes\class_registration_magic.php:196
authwp_ajax_rm_sort_login_fieldsincludes\class_registration_magic.php:201
authwp_ajax_rm_mark_submission_unreadincludes\class_registration_magic.php:202
authwp_ajax_rm_update_login_buttonincludes\class_registration_magic.php:203
authwp_ajax_rm_activate_rm_userincludes\class_registration_magic.php:206
authwp_ajax_rm_deactivate_rm_userincludes\class_registration_magic.php:207
authwp_ajax_rm_reset_passwordincludes\class_registration_magic.php:208
authwp_ajax_rm_send_emailincludes\class_registration_magic.php:209
authwp_ajax_rm_login_field_view_settincludes\class_registration_magic.php:210
authwp_ajax_rm_login_form_view_settincludes\class_registration_magic.php:211
authwp_ajax_rm_delete_dataincludes\class_registration_magic.php:212
authwp_ajax_rm_dismiss_upgrade_noticeincludes\class_registration_magic.php:218
authwp_ajax_rm_dismiss_sale_bannerincludes\class_registration_magic.php:219
authwp_ajax_rm_dismiss_customize_bannerincludes\class_registration_magic.php:220
authwp_ajax_rm_dismiss_floating_bannerincludes\class_registration_magic.php:221
authwp_ajax_rm_load_payment_status_admin_js_dataincludes\class_registration_magic.php:222
authwp_ajax_rm_download_invoice_pdfincludes\class_registration_magic.php:223
authwp_ajax_rm_send_payment_confirmationincludes\class_registration_magic.php:224
authwp_ajax_rm_update_reports_enable_disableincludes\class_registration_magic.php:231
authwp_ajax_rm_fields_conditions_checkincludes\class_registration_magic.php:232
authwp_ajax_rm_options_default_payment_methodincludes\class_registration_magic.php:233
noprivwp_ajax_rm_process_paypal_sdk_paymentincludes\class_registration_magic.php:234
authwp_ajax_rm_process_paypal_sdk_paymentincludes\class_registration_magic.php:235
authwp_ajax_rm_set_inbox_entry_depthincludes\class_registration_magic.php:236
authwp_ajax_rm_set_forms_entry_depthincludes\class_registration_magic.php:237
authwp_ajax_rm_forms_view_roll_backincludes\class_registration_magic.php:238
authwp_ajax_rm_save_default_inbox_formincludes\class_registration_magic.php:239
authwp_ajax_rm_admin_custom_status_updateincludes\class_registration_magic.php:240
authwp_ajax_rm_delete_submissionsincludes\class_registration_magic.php:241
authwp_ajax_rm_update_users_roleincludes\class_registration_magic.php:242
authwp_ajax_rm_set_user_entry_depthincludes\class_registration_magic.php:243
authwp_ajax_rm_user_additional_detailsincludes\class_registration_magic.php:244
authwp_ajax_rm_sort_form_pagesincludes\class_registration_magic.php:248
authwp_ajax_rm_block_ipincludes\class_registration_magic.php:249
authwp_ajax_rm_unblock_ipincludes\class_registration_magic.php:250
authwp_ajax_rm_block_emailincludes\class_registration_magic.php:251
authwp_ajax_rm_unblock_emailincludes\class_registration_magic.php:252
authwp_ajax_rm_export_submissionsincludes\class_registration_magic.php:253
authwp_ajax_rm_add_filterincludes\class_registration_magic.php:255
authwp_ajax_rm_delete_filterincludes\class_registration_magic.php:256
authwp_ajax_rm_sort_saved_filtersincludes\class_registration_magic.php:257
authwp_ajax_rm_admin_disable_noticeincludes\class_registration_magic.php:258
authwp_ajax_rm_print_pdfincludes\class_registration_magic.php:259
authwp_ajax_get_price_fieldsincludes\class_registration_magic.php:260
noprivwp_ajax_get_price_fieldsincludes\class_registration_magic.php:261
noprivwp_ajax_rm_get_intent_from_stripeincludes\class_registration_magic.php:263
authwp_ajax_rm_get_intent_from_stripeincludes\class_registration_magic.php:264
noprivwp_ajax_rm_stripe_after_intentincludes\class_registration_magic.php:265
authwp_ajax_rm_stripe_after_intentincludes\class_registration_magic.php:266
authwp_ajax_rm_charge_amount_from_stripeincludes\class_registration_magic.php:267
noprivwp_ajax_rm_charge_amount_from_stripeincludes\class_registration_magic.php:268
noprivwp_ajax_rm_stripe_localize_dataincludes\class_registration_magic.php:269
authwp_ajax_rm_stripe_localize_dataincludes\class_registration_magic.php:270
authwp_ajax_rm_post_feedbackincludes\class_registration_magic.php:273
authwp_ajax_rm_activate_licenseincludes\class_registration_magic.php:275
authwp_ajax_rm_deactivate_licenseincludes\class_registration_magic.php:276
noprivwp_ajax_rm_set_otpincludes\class_registration_magic.php:670
authwp_ajax_rm_toggle_form_optionincludes\class_registration_magic.php:680
noprivwp_ajax_rm_user_existsincludes\class_registration_magic.php:682
noprivwp_ajax_check_user_existsincludes\class_registration_magic.php:683
noprivwp_ajax_check_username_validityincludes\class_registration_magic.php:684
noprivwp_ajax_check_email_existsincludes\class_registration_magic.php:685
authwp_ajax_rm_get_stateincludes\class_registration_magic.php:687
noprivwp_ajax_rm_get_stateincludes\class_registration_magic.php:688
authwp_ajax_rm_js_dataincludes\class_registration_magic.php:690
noprivwp_ajax_rm_js_dataincludes\class_registration_magic.php:691
authwp_ajax_rm_save_submit_labelincludes\class_registration_magic.php:692
noprivwp_ajax_rm_load_front_usersincludes\class_registration_magic.php:693
authwp_ajax_rm_register_stat_idsincludes\class_registration_magic.php:694
noprivwp_ajax_rm_register_stat_idsincludes\class_registration_magic.php:695
authwp_ajax_rm_load_statesincludes\class_registration_magic.php:699
noprivwp_ajax_rm_load_statesincludes\class_registration_magic.php:700
authwp_ajax_rm_activation_linkincludes\class_registration_magic.php:702
noprivwp_ajax_rm_activation_linkincludes\class_registration_magic.php:703
authwp_ajax_rm_paypal_ipnincludes\class_registration_magic.php:706
noprivwp_ajax_rm_paypal_ipnincludes\class_registration_magic.php:707
authwp_ajax_rm_get_after_login_redirectincludes\class_registration_magic.php:709
authwp_ajax_rm_load_front_usersincludes\class_registration_magic.php:714
authwp_ajax_rm_mark_email_readincludes\class_registration_magic.php:715
noprivwp_ajax_rm_mark_email_readincludes\class_registration_magic.php:716
noprivwp_ajax_rm_unique_fieldincludes\class_registration_magic.php:717
authwp_ajax_rm_unique_fieldincludes\class_registration_magic.php:718
authwp_ajax_rm_genrate_fa_otpincludes\class_registration_magic.php:720
noprivwp_ajax_rm_genrate_fa_otpincludes\class_registration_magic.php:721

REST API Routes 2

GET/wp-json/regmagic/v1/formsblocks\class-reg-magic-block.php:100
GET/wp-json/regmagic/v1/timerangeblocks\class-reg-magic-block.php:109

Shortcodes 9

[RM_Login] includes\class_registration_magic.php:664
[RM_Form] includes\class_registration_magic.php:665
[RM_Forms] includes\class_registration_magic.php:666
[RM_password_recovery] includes\class_registration_magic.php:667
[RM_Front_Submissions] includes\class_registration_magic.php:668
[CRF_Login] includes\class_registration_magic.php:676
[CRF_Form] includes\class_registration_magic.php:677
[CRF_Submissions] includes\class_registration_magic.php:678
[RM_Users] includes\class_registration_magic.php:713
WordPress Hooks 77
filtersafe_style_cssadmin\class_rm_admin.php:316
actioninitincludes\class_registration_magic.php:86
actioninitincludes\class_registration_magic.php:87
actioninitincludes\class_registration_magic.php:88
filtershow_admin_barincludes\class_registration_magic.php:113
filtershow_admin_barincludes\class_registration_magic.php:117
actioninitincludes\class_registration_magic.php:138
actionadmin_initincludes\class_registration_magic.php:151
actionadmin_initincludes\class_registration_magic.php:152
actionadmin_enqueue_scriptsincludes\class_registration_magic.php:153
actionrm_pre_admin_template_renderincludes\class_registration_magic.php:155
actionrm_pre_admin_template_renderincludes\class_registration_magic.php:156
actionadmin_menuincludes\class_registration_magic.php:157
actionwp_dashboard_setupincludes\class_registration_magic.php:162
actionedit_user_profileincludes\class_registration_magic.php:163
actionshow_user_profileincludes\class_registration_magic.php:164
filterplugin_action_linksincludes\class_registration_magic.php:177
actionmedia_buttonsincludes\class_registration_magic.php:178
actionmedia_buttonsincludes\class_registration_magic.php:179
actioninitincludes\class_registration_magic.php:181
actionrm_pre_admin_template_renderincludes\class_registration_magic.php:191
actionrm_form_savedincludes\class_registration_magic.php:197
actionadmin_noticesincludes\class_registration_magic.php:198
actionadmin_noticesincludes\class_registration_magic.php:199
filterwp_privacy_personal_data_exportersincludes\class_registration_magic.php:213
filterwp_privacy_personal_data_erasersincludes\class_registration_magic.php:214
actionadmin_initincludes\class_registration_magic.php:215
actionadmin_initincludes\class_registration_magic.php:216
actionadmin_initincludes\class_registration_magic.php:217
filterrm_global_setting_managerincludes\class_registration_magic.php:225
actionrm_profile_tabs_contentincludes\class_registration_magic.php:226
filterrm_profile_tabsincludes\class_registration_magic.php:227
actioninitincludes\class_registration_magic.php:228
filtercron_schedulesincludes\class_registration_magic.php:230
actionadmin_footerincludes\class_registration_magic.php:245
actionadmin_footerincludes\class_registration_magic.php:247
filterrm_form_success_msgincludes\class_registration_magic.php:262
actionadmin_footerincludes\class_registration_magic.php:272
actionadmin_initincludes\class_registration_magic.php:277
actioninitincludes\class_registration_magic.php:284
actionrest_api_initincludes\class_registration_magic.php:285
actionblock_categories_allincludes\class_registration_magic.php:286
actionenqueue_block_editor_assetsincludes\class_registration_magic.php:287
actioninitincludes\class_registration_magic.php:660
actioninitincludes\class_registration_magic.php:661
actionwidgets_initincludes\class_registration_magic.php:669
filterwidget_textincludes\class_registration_magic.php:674
actionwp_footerincludes\class_registration_magic.php:679
actionwidgets_initincludes\class_registration_magic.php:696
actionwidgets_initincludes\class_registration_magic.php:697
actionrm_user_registeredincludes\class_registration_magic.php:701
actionrm_load_user_registrationsincludes\class_registration_magic.php:704
actioninitincludes\class_registration_magic.php:705
filterrm_payment_completed_responseincludes\class_registration_magic.php:710
actioninitincludes\class_registration_magic.php:719
actionwoocommerce_after_account_navigationincludes\class_registration_magic.php:723
filterlogin_redirectincludes\class_registration_magic.php:735
filterregister_urlincludes\class_registration_magic.php:736
actionwp_loginincludes\class_registration_magic.php:737
filterlogin_messageincludes\class_registration_magic.php:738
filterwpmu_drop_tablesincludes\class_registration_magic.php:741
filterinitincludes\class_registration_magic.php:742
filterinitincludes\class_registration_magic.php:743
filterwp_logoutincludes\class_registration_magic.php:746
filterwp_authenticate_userincludes\class_registration_magic.php:747
actionrm_ip_unblockedincludes\class_registration_magic.php:748
filterlostpassword_urlincludes\class_registration_magic.php:749
actionrm_payment_completedincludes\class_registration_magic.php:752
actionuser_registerincludes\class_registration_magic.php:753
actionphpmailer_initincludes\class_rm_email.php:264
actionphpmailer_initincludes\class_rm_utilities.php:726
filterrm_global_setting_managerplus\lmsupport\lmsupport.php:22
filteradmin_menuplus\lmsupport\lmsupport.php:23
actionrm_frontend_primer_contentplus\lmsupport\lmsupport.php:24
actionrm_formflow_publish_pageplus\lmsupport\lmsupport.php:25
actionwp_enqueue_scriptspublic\widgets\class_rm_form_widget.php:18
actionadmin_noticesregistration_magic.php:48
Maintenance & Trust

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 7, 2026
PHP min version7.2
Downloads2.0M

Community Trust

Rating90/100
Number of ratings456
Active installs9K
Alternatives

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login Alternatives

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

B
76

Membership & community plugin with user profiles, registration & login, member directories, content restriction, user roles and much more.

200K 68 CVEs
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

wp-user-avatar

B
76

Setup paid membership, accept payment, sell subscription & digital product, paywall, create login & registration form, user profile & member directory

100K 39 CVEs
Event Tickets and Registration

Event Tickets and Registration

event-tickets

A
89

Event Tickets allows your visitors to RSVP and buy tickets to events on your site. Also works seamlessly with The Events Calendar.

90K 11 CVEs
User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

user-registration

B
76

Build membership sites with tiered plans, content restriction, drag-&-drop custom registration & login form builder, and built-in payment system.

60K 29 CVEs
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor

profile-builder

B
76

Powerful user profile plugin to create front-end user registration forms, login & user profile forms. Includes user role editor & content restriction.

50K 32 CVEs
Developer Profile

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login Developer Profile

Metagauss

7 plugins · 79K total installs

72
trust score
Avg Security Score
90/100
Avg Patch Time
250 days
View full developer profile
Detection Fingerprints

How We Detect RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-registration-form-builder-with-submission-manager/external/form_builder/jquery.custom_form_builder.js/wp-content/plugins/custom-registration-form-builder-with-submission-manager/public/css/rm_frontend.css/wp-content/plugins/custom-registration-form-builder-with-submission-manager/public/js/rm_frontend.js/wp-content/plugins/custom-registration-form-builder-with-submission-manager/admin/css/rm_admin.css/wp-content/plugins/custom-registration-form-builder-with-submission-manager/admin/js/rm_admin.js/wp-content/plugins/custom-registration-form-builder-with-submission-manager/admin/js/jquery.bootstrap-growl.min.js/wp-content/plugins/custom-registration-form-builder-with-submission-manager/admin/js/rm_submission.js
Generator Patterns
RegistrationMagic
Script Paths
/wp-content/plugins/custom-registration-form-builder-with-submission-manager/external/form_builder/jquery.custom_form_builder.js/wp-content/plugins/custom-registration-form-builder-with-submission-manager/public/js/rm_frontend.js/wp-content/plugins/custom-registration-form-builder-with-submission-manager/admin/js/rm_admin.js/wp-content/plugins/custom-registration-form-builder-with-submission-manager/admin/js/jquery.bootstrap-growl.min.js/wp-content/plugins/custom-registration-form-builder-with-submission-manager/admin/js/rm_submission.js
Version Parameters
custom-registration-form-builder-with-submission-manager/public/css/rm_frontend.css?ver=custom-registration-form-builder-with-submission-manager/public/js/rm_frontend.js?ver=custom-registration-form-builder-with-submission-manager/admin/css/rm_admin.css?ver=custom-registration-form-builder-with-submission-manager/admin/js/rm_admin.js?ver=custom-registration-form-builder-with-submission-manager/admin/js/jquery.bootstrap-growl.min.js?ver=custom-registration-form-builder-with-submission-manager/admin/js/rm_submission.js?ver=

HTML / DOM Fingerprints

CSS Classes
rm_form_wrapperrm_input_containerrm_submit_buttonrm_form_fieldrm_form_wrapperrm_section_headingrm_field_labelrm_field_wrapper+6 more
HTML Comments
<!-- Form Field Settings --><!-- Form Settings --><!-- Default submission text --><!-- Form submission -->+3 more
Data Attributes
data-rm-field-typedata-rm-form-iddata-rm-input-namedata-rm-sub-iddata-rm-field-id
JS Globals
rm_frontend_datarm_admin_datarm_submission_datarm_form_builder_dataRM
REST Endpoints
/wp-json/rm_api/v1/submission/wp-json/rm_api/v1/form_builder
Shortcode Output
<div class='rm_form_wrapper'
FAQ

Frequently Asked Questions about RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login