Lucene search
K

453 matches found

CNVD
CNVD
added 2022/03/09 12:0 a.m.18 views

WordPress RegistrationMagic Plugin SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress RegistrationMagic Plugin prior to version 5.0.2.2, which ste...

7.2CVSS7.4AI score0.01461EPSS
Exploits1References1
OSV
OSV
added 2022/03/07 9:15 a.m.1 views

CVE-2022-0420

The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rmformid parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks...

7.2CVSS5.8AI score0.01461EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/07 9:15 a.m.7 views

CVE-2022-0420

The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rmformid parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks...

7.2CVSS7.2AI score0.01461EPSS
Exploits1References3
NVD
NVD
added 2022/03/07 9:15 a.m.10 views

CVE-2022-0420

The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rmformid parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks...

7.2CVSS0.01461EPSS
Exploits1References2
Prion
Prion
added 2022/03/07 9:15 a.m.16 views

Sql injection

The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rmformid parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks...

6.5CVSS7.1AI score0.01461EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/03/07 8:16 a.m.15 views

CVE-2022-0420 RegistrationMagic < 5.0.2.2 - Admin+ SQL Injection

The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rmformid parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privilege users to perform SQL injection attacks...

7.4AI score0.01461EPSS
Exploits1References2
CVE
CVE
added 2022/03/07 8:16 a.m.79 views

CVE-2022-0420

CVE-2022-0420 affects the WordPress RegistrationMagic plugin prior to version 5.0.2.2. The rm_form_id parameter used in the Automation admin dashboard is not sanitized or escaped before being used in an SQL statement, enabling high-privilege users to perform SQL injection. Red Hat and CVE records...

7.2CVSS7.1AI score0.01461EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.3 views

WordPress plugin RegistrationMagic SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress RegistrationMagic Plugin prior to version 5.0.2.2, which ste...

7.2CVSS6.2AI score0.01461EPSS
Exploits1References3
CNVD
CNVD
added 2022/02/10 12:0 a.m.15 views

WordPress RegistrationMagic plugin cross-site scripting vulnerability

WordPress is a set of blogging platform developed by the WordPress Foundation using the PHP language. cross-site scripting vulnerability exists in the Wordpress RegistrationMagic Plugin, which stems from the product's rmsearchvalue function not doing effective processing of special characters in...

6.1CVSS2.7AI score0.00876EPSS
Exploits1References1
Metasploit
Metasploit
added 2022/02/02 5:42 p.m.599 views

Wordpress RegistrationMagic task_ids Authenticated SQLi

RegistrationMagic, a WordPress plugin, prior to 5.0.1.5 is affected by an authenticated SQL injection via the taskids parameter. Module Options msf use auxiliary/scanner/http/wpregistrationmagicsqli msf auxiliarywpregistrationmagicsqli show actions ...actions... msf auxiliarywpregistrationmagicsq...

7.2CVSS7.4AI score0.73293EPSS
Exploits6
NVD
NVD
added 2022/02/01 1:15 p.m.10 views

CVE-2021-24648

The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rmsearchvalue parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.00876EPSS
Exploits1References2
OSV
OSV
added 2022/02/01 1:15 p.m.1 views

CVE-2021-24648

The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rmsearchvalue parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.00876EPSS
Exploits1References2
Prion
Prion
added 2022/02/01 1:15 p.m.11 views

Cross site scripting

The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rmsearchvalue parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting...

4.3CVSS6.1AI score0.00876EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/02/01 12:21 p.m.11 views

CVE-2021-24648 Registration Magic < 5.0.1.9 - Reflected Cross-Site Scripting

The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rmsearchvalue parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting...

6.2AI score0.00876EPSS
Exploits1References2
CVE
CVE
added 2022/02/01 12:21 p.m.44 views

CVE-2021-24648

The CVE-2021-24648 affects the WordPress plugin RegistrationMagic prior to 5.0.1.9. The vulnerability arises because the rm_search_value parameter is not properly sanitized/escaped before being output in an attribute, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. Affected softwar...

6.1CVSS6.1AI score0.00876EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/02/01 12:0 a.m.2 views

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platform developed by the WordPress Foundation using the PHP language. cross-site scripting vulnerability exists in the Wordpress RegistrationMagic Plugin, which stems from the product's rmsearchvalue function not doing effective processing of special characters in...

6.1CVSS5.6AI score0.00876EPSS
Exploits1References3
Packet Storm
Packet Storm
added 2022/01/27 12:0 a.m.216 views

WordPress RegistrationMagic V 5.0.1.5 SQL Injection

Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection Authenticated Date 23.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://registrationmagic.com/ Software Link:...

7.2CVSS0.4AI score0.73293EPSS
Exploits6
0day.today
0day.today
added 2022/01/27 12:0 a.m.221 views

WordPress RegistrationMagic V 5.0.1.5 Plugin- SQL Injection Exploit

Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection Authenticated Date 23.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://registrationmagic.com/ Software Link:...

7.2CVSS0.3AI score0.73293EPSS
Exploits6
Exploit DB
Exploit DB
added 2022/01/27 12:0 a.m.320 views

WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection (Authenticated)

Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection Authenticated Date 23.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://registrationmagic.com/ Software Link:...

7.2CVSS7.2AI score0.73293EPSS
Exploits6
CNVD
CNVD
added 2022/01/14 12:0 a.m.36 views

WordPress RegistrationMagic plugin SQL injection vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.The WordPress RegistrationMagic plugin was vulnerable to SQL injection before 5.0.1.6, which stems from the la...

7.2CVSS3.7AI score0.73293EPSS
Exploits6References1
Rows per page
Query Builder