CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-9458 – RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Settings and User Data Export
https://notcve.org/view.php?id=CVE-2020-9458
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export. En el plugin RegistrationMagic versiones hasta 4.6.0.3 para WordPress, la función export permite a usuarios autenticados remotos (con privilegios mínimos) exportar los datos y configuraciones de los formularios enviados por medio de la función rm_form_export del archivo class_rm_form_controller.php. • https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers https://wpvulndb.com/vulnerabilities/10116 https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-9455 – RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Email Injection
https://notcve.org/view.php?id=CVE-2020-9455
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view. En el plugin RegistrationMagic versiones hasta 4.6.0.3 para WordPress, permite a usuarios autenticados remotos (con privilegios mínimos) enviar correos electrónicos arbitrarios en nombre del sitio por medio de la función send_email_user_view del archivo class_rm_user_services.php. • https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers https://wpvulndb.com/vulnerabilities/10116 https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin • CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 1%CPEs: 1EXPL: 1CVE-2020-9456 – RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-9456
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit. En el plugin RegistrationMagic versiones hasta 4.6.0.3 para WordPress, el controlador de usuario permite a usuarios autenticados remotos (con privilegios mínimos) escalar sus privilegios a administrador por medio de la función rm_user_edit del archivo class_rm_user_controller.php. • https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers https://wpvulndb.com/vulnerabilities/10116 https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin • CWE-862: Missing Authorization •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8435 – RegistrationMagic - Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2020-8435
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. Se detectó un problema en el plugin RegistrationMagic 4.6.0.0 para WordPress. Se presenta una inyección SQL por medio del parámetro rm_analytics_show_form rm_form_id. An issue was discovered in the RegistrationMagic plugin 4.6.0.2 for WordPress. • https://Spider-security.co.uk https://spider-security.co.uk/blog-cve-2020-8435 https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8436 – RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8436
XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. Se detectó una vulnerabilidad de tipo XSS en el plugin RegistrationMagic 4.6.0.0 para WordPress por medio del parámetro rm_form_id, rm_tr o form_name. XSS was discovered in the RegistrationMagic plugin 4.6.0.1 for WordPress via the rm_form_id, rm_tr, or form_name parameter. • https://Spider-security.co.uk https://spider-security.co.uk/blog-cve-2020-8436 https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •