CVE-2017-20208

CRITICAL EXPLOITED

RegistrationMagic <3.7.9.3 - Code Injection

Title source: llm

Exploitation Summary

CVE-2017-20208 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 (exclusive) via deserialization of untrusted input from the is_expired_by_date() function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to fetch a remote file and install it on the site.

References (3)

Core 3

Core References

Patch

https://plugins.trac.wordpress.org/changeset/1733274/custom-registration-form-builder-with-submission-manager

Press/Media Coverage, Third Party Advisory

https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/

Technical Description

https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b79193-f8fc-4ea2-8973-fe292cfb926b?source=cve

Scores

CVSS v3 9.8

EPSS 0.0064

EPSS Percentile 46.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2017-10-02

CWE

CWE-502

Status published

Products (2)

metagauss/registrationmagic < 3.7.9.3

metagauss/RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login < 3.7.9.3

Published Oct 18, 2025

Tracked Since Feb 18, 2026