Lucene search
K

453 matches found

CNNVD
CNNVD
added 2024/03/26 12:0 a.m.2 views

WordPress Plugin RegistrationMagic 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin RegistrationMagic suffers...

4.3CVSS8.1AI score0.00218EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/03/26 12:0 a.m.25 views

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login < 5.3.2.0 - Authenticated (Contributor+) SQL Injection via Shortcode

Description The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RMForm shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user...

8.8CVSS7.2AI score0.00821EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/03/26 12:0 a.m.10 views

WordPress RegistrationMagic Plugin <= 5.3.1.0 is vulnerable to SQL Injection

Software RegistrationMagic Type Plugin Vulnerable versions = 5.3.1.0 Fixed in 5.3.2.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1990 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5de1df9c9f57 Credits Krzysztof Zając - CERT PL Required privilege...

8.8CVSS6.8AI score0.00821EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/03/26 12:0 a.m.13 views

WordPress RegistrationMagic Plugin <= 5.3.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software RegistrationMagic Type Plugin Vulnerable versions = 5.3.0.0 Fixed in 5.3.1.0 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-2951 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1d9399326561 Credits Joshua Chan Required...

4.3CVSS6.6AI score0.00218EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.4 views

PT-2024-22930 · Metagauss · Registrationmagic

Name of the Vulnerable Software and Affected Versions: Metagauss RegistrationMagic versions 5.3.0.0 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software. This type of issue allows an attacker to trick a user into performing unintended actions on a web application...

4.3CVSS9.3AI score0.00218EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/03/21 5:31 p.m.11 views

CVE-2024-25935 WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9...

4.3CVSS5.2AI score0.00402EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/21 5:31 p.m.23 views

CVE-2024-25935 WordPress RegistrationMagic plugin <= 5.2.5.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss RegistrationMagic.This issue affects RegistrationMagic: from n/a through 5.2.5.9...

4.3CVSS5AI score0.00402EPSS
Exploits0References1
CVE
CVE
added 2024/03/21 5:31 p.m.46 views

CVE-2024-25935

RegistrationMagic (WordPress plugin)

9.8CVSS5.2AI score0.00402EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.4 views

PT-2024-21229 · Metagauss · Registrationmagic

Name of the Vulnerable Software and Affected Versions: Metagauss RegistrationMagic versions 5.2.5.9 and earlier Description: The issue is related to a Missing Authorization vulnerability in Metagauss RegistrationMagic. Recommendations: For Metagauss RegistrationMagic versions 5.2.5.9 and earlier,...

9.8CVSS6.8AI score0.00402EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2024/03/20 12:0 a.m.13 views

RegistrationMagic < 5.2.6.0 - Reflected Cross-Site Scripting

Description The RegistrationMagic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.2.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

7.1CVSS6.3AI score0.00422EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/19 3:15 p.m.2 views

CVE-2024-29113

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9...

6.1CVSS7.3AI score0.00422EPSS
Exploits0References1
NVD
NVD
added 2024/03/19 3:15 p.m.8 views

CVE-2024-29113

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9...

7.1CVSS6.9AI score0.00422EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/19 3:0 p.m.17 views

CVE-2024-29113 WordPress RegistrationMagic plugin <= 5.2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9...

7.1CVSS7.1AI score0.00422EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/19 3:0 p.m.11 views

CVE-2024-29113 WordPress RegistrationMagic plugin <= 5.2.5.9 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9...

7.1CVSS6.9AI score0.00422EPSS
Exploits0References1
CVE
CVE
added 2024/03/19 3:0 p.m.74 views

CVE-2024-29113

CVE-2024-29113 — RegistrationMagic (WordPress plugin) suffers a Reflected XSS due to improper input neutralization during web page generation. Affected versions: up to 5.2.5.9 (per entry). Root cause details indicate input not properly sanitized before reflection. CVSS v3.1 (NVD) base metrics: AV...

7.1CVSS8.6AI score0.00422EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.2 views

WordPress Plugin RegistrationMagic Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

7.1CVSS5.8AI score0.00422EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.4 views

PT-2024-22734 · Metagauss · Registrationmagic

Name of the Vulnerable Software and Affected Versions: Metagauss RegistrationMagic versions through 5.2.5.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attacker...

7.1CVSS9.6AI score0.00422EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2024/03/18 9:46 a.m.59 views

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system and...

9.8CVSS7.6AI score0.01712EPSS
Exploits1
Patchstack
Patchstack
added 2024/03/16 12:0 a.m.13 views

WordPress RegistrationMagic Plugin <= 5.2.5.9 is vulnerable to Cross Site Scripting (XSS)

Software RegistrationMagic Type Plugin Vulnerable versions = 5.2.5.9 Fixed in 5.2.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29113 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b3c2c9a16dfd Credits Yudistira Arya Required...

7.1CVSS6.5AI score0.00422EPSS
Exploits0References2Affected Software1
Wordfence Blog
Wordfence Blog
added 2024/03/14 7:1 p.m.39 views

$1,313 Bounty Awarded for Privilege Escalation Vulnerability Patched in RegistrationMagic WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 26th, 2024, during our second Bug Bounty Extravaganza...

7.3AI score0.00891EPSS
Exploits0
Rows per page
Query Builder