453 matches found
RegistrationMagic – Custom Registration Forms and User Login < 4.6.0.4 - Multiple Critical Issues
These allowed an attacker with subscriber-level permissions to elevate their account’s privileges to those of an administrator and to export every form on the site, including all the data that had been submitted to them in the past. Additionally, through a number of unprotected AJAX actions, an...
Registration Magic < 4.6.0.3 - Authenticated SQL Injection via Form_id
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by an Authenticated SQL Injection via Formid security vulnerability. PoC https://example.com/wp-admin/admin.php?page=rmanalyticsshowformformid=selectfromselectsleep20atr=30...
WordPress RegistrationMagic plugin <= 4.6.0.1 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting XSS vulnerabilities found by Spider Sec Ltd. in WordPress RegistrationMagic plugin versions = 4.6.0.1. Solution Update the WordPress Registration Magic plugin to the latest available version at least 4.6.0.3...
WordPress RegistrationMagic plugin <= 4.6.0.1 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability found by Spider Sec Ltd. in WordPress RegistrationMagic plugin versions = 4.6.0.1. Solution Update the WordPress RegistrationMagic plugin to the latest available version at least 4.6.0.3...
RegistrationMagic Plugin for WordPress < 3.7.9.3 PHP Object Injection
According to its self-reported version, the RegistrationMagic Plugin for WordPress running on the remote web server is prior to 3.7.9.3. It is, therefore, affected by a PHP object injection vulnerability. An unauthenticated, remote attacker can exploit this to inject PHP objects, execute arbitrar...
RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated Reflected XSS security vulnerability. GET...
RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated SQL Injection security vulnerability. GET...
RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated SQL Injection security vulnerability. PoC GET...
RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated Reflected XSS security vulnerability. PoC GET...
WordPress RegistrationMagic-Custom Registration Forms SQL Injection
SQL Injection vulnerability in WordPress RegistrationMagic-Custom Registration Forms plugin includes/classrmdbmanager.php Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
WordPress RegistrationMagic-Custom Registration Forms plugin <= 3.7.9.2 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability found by Matt Barry WordFence in WordPress RegistrationMagic-Custom Registration Forms plugin versions = 3.7.9.2. Solution Update the WordPress RegistrationMagic-Custom Registration Forms plugin to the latest available version at least 3.7.9.3...
VulnCheck KEV: CVE-2017-20208
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 exclusive via deserialization of untrusted input from the isexpiredbydate function. This makes it...
RegistrationMagic-Custom Registration Forms <= 3.7.9.2 - Unauthenticated PHP Object Injection
The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...