CVE-2021-24862
RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
El plugin RegistrationMagic de WordPress versiones anteriores a 5.0.1.6, no escapa a la entrada del usuario en su acción rm_chronos_ajax AJAX antes de usarla en una sentencia SQL cuando son duplicadas tareas en lotes, lo que podría conllevar a un problema de inyección SQL
RegistrationMagic, a WordPress plugin, prior to 5.0.1.5 is affected by an authenticated SQL injection via the task_ids parameter.
*Credits:
JrXnm
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-14 CVE Reserved
- 2022-01-10 CVE Published
- 2022-01-27 First Exploit
- 2024-08-03 CVE Updated
- 2024-11-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://github.com/Hacker5preme/Exploits/blob/main/Wordpress/CVE-2021-24862/README.md |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Metagauss Search vendor "Metagauss" | Registrationmagic Search vendor "Metagauss" for product "Registrationmagic" | < 5.0.1.6 Search vendor "Metagauss" for product "Registrationmagic" and version " < 5.0.1.6" | wordpress |
Affected
| ||||||