CVE-2020-9455

2020-03-0618:49:50

mitre

www.cve.org

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view.

References

wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers

wpvulndb.com/vulnerabilities/10116

www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/