453 matches found
WordPress Plugin RegistrationMagic 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin RegistrationMagic suffers...
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login < 5.3.2.0 - Authenticated (Contributor+) SQL Injection via Shortcode
Description The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RMForm shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user...
WordPress RegistrationMagic Plugin <= 5.3.1.0 is vulnerable to SQL Injection
Software RegistrationMagic Type Plugin Vulnerable versions = 5.3.1.0 Fixed in 5.3.2.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1990 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5de1df9c9f57 Credits Krzysztof Zając - CERT PL Required privilege...
WordPress RegistrationMagic Plugin <= 5.3.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software RegistrationMagic Type Plugin Vulnerable versions = 5.3.0.0 Fixed in 5.3.1.0 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-2951 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1d9399326561 Credits Joshua Chan Required...
PT-2024-22930 · Metagauss · Registrationmagic
Name of the Vulnerable Software and Affected Versions: Metagauss RegistrationMagic versions 5.3.0.0 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software. This type of issue allows an attacker to trick a user into performing unintended actions on a web application...
CVE-2024-25935 WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9...
CVE-2024-25935 WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9...
CVE-2024-25935
RegistrationMagic (WordPress plugin)
PT-2024-21229 · Metagauss · Registrationmagic
Name of the Vulnerable Software and Affected Versions: Metagauss RegistrationMagic versions 5.2.5.9 and earlier Description: The issue is related to a Missing Authorization vulnerability in Metagauss RegistrationMagic. Recommendations: For Metagauss RegistrationMagic versions 5.2.5.9 and earlier,...
RegistrationMagic < 5.2.6.0 - Reflected Cross-Site Scripting
Description The RegistrationMagic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
CVE-2024-29113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9...
CVE-2024-29113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9...
CVE-2024-29113 WordPress RegistrationMagic plugin <= 5.2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9...
CVE-2024-29113 WordPress RegistrationMagic plugin <= 5.2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9...
CVE-2024-29113
CVE-2024-29113 — RegistrationMagic (WordPress plugin) suffers a Reflected XSS due to improper input neutralization during web page generation. Affected versions: up to 5.2.5.9 (per entry). Root cause details indicate input not properly sanitized before reflection. CVSS v3.1 (NVD) base metrics: AV...
WordPress Plugin RegistrationMagic Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-22734 · Metagauss · Registrationmagic
Name of the Vulnerable Software and Affected Versions: Metagauss RegistrationMagic versions through 5.2.5.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attacker...
WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system and...
WordPress RegistrationMagic Plugin <= 5.2.5.9 is vulnerable to Cross Site Scripting (XSS)
Software RegistrationMagic Type Plugin Vulnerable versions = 5.2.5.9 Fixed in 5.2.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29113 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b3c2c9a16dfd Credits Yudistira Arya Required...
$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin
🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 26th, 2024, during our second Bug Bounty Extravaganza...