CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8435 – RegistrationMagic - Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2020-8435
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. Se detectó un problema en el plugin RegistrationMagic 4.6.0.0 para WordPress. Se presenta una inyección SQL por medio del parámetro rm_analytics_show_form rm_form_id. An issue was discovered in the RegistrationMagic plugin 4.6.0.2 for WordPress. • https://Spider-security.co.uk https://spider-security.co.uk/blog-cve-2020-8435 https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8436 – RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8436
XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. Se detectó una vulnerabilidad de tipo XSS en el plugin RegistrationMagic 4.6.0.0 para WordPress por medio del parámetro rm_form_id, rm_tr o form_name. XSS was discovered in the RegistrationMagic plugin 4.6.0.1 for WordPress via the rm_form_id, rm_tr, or form_name parameter. • https://Spider-security.co.uk https://spider-security.co.uk/blog-cve-2020-8436 https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15873 – ProfileGrid – User Profiles, Memberships, Groups and Communities < 2.8.6 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-15873
The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code. El plugin profilegrid-user-profiles-groups-and-communities en versiones anteriores a la 2.8.6 para WordPress presenta una ejecución de código remota mediante una solicitud wp-admin/admin-ajax.php con la subcadena action-pm_template_preview&html- • https://wordpress.org/plugins/profilegrid-user-profiles-groups-and-communities/#developers https://wpvulndb.com/vulnerabilities/9086 • CWE-94: Improper Control of Generation of Code ('Code Injection') •