CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8435 – RegistrationMagic - Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2020-8435
An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. Se detectó un problema en el plugin RegistrationMagic 4.6.0.0 para WordPress. Se presenta una inyección SQL por medio del parámetro rm_analytics_show_form rm_form_id. An issue was discovered in the RegistrationMagic plugin 4.6.0.2 for WordPress. • https://Spider-security.co.uk https://spider-security.co.uk/blog-cve-2020-8435 https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8436 – RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-8436
XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, or form_name parameter. Se detectó una vulnerabilidad de tipo XSS en el plugin RegistrationMagic 4.6.0.0 para WordPress por medio del parámetro rm_form_id, rm_tr o form_name. XSS was discovered in the RegistrationMagic plugin 4.6.0.1 for WordPress via the rm_form_id, rm_tr, or form_name parameter. • https://Spider-security.co.uk https://spider-security.co.uk/blog-cve-2020-8436 https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •