Lucene search
K

453 matches found

WPVulnDB
WPVulnDB
added 2020/03/05 12:0 a.m.45 views

RegistrationMagic – Custom Registration Forms and User Login < 4.6.0.4 - Multiple Critical Issues

These allowed an attacker with subscriber-level permissions to elevate their account’s privileges to those of an administrator and to export every form on the site, including all the data that had been submitted to them in the past. Additionally, through a number of unprotected AJAX actions, an...

6.8CVSS2.2AI score0.02533EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/01/30 12:0 a.m.13 views

Registration Magic < 4.6.0.3 - Authenticated SQL Injection via Form_id

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by an Authenticated SQL Injection via Formid security vulnerability. PoC https://example.com/wp-admin/admin.php?page=rmanalyticsshowformformid=selectfromselectsleep20atr=30...

4.3CVSS1.4AI score0.01353EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2020/01/30 12:0 a.m.17 views

WordPress RegistrationMagic plugin <= 4.6.0.1 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting XSS vulnerabilities found by Spider Sec Ltd. in WordPress RegistrationMagic plugin versions = 4.6.0.1. Solution Update the WordPress Registration Magic plugin to the latest available version at least 4.6.0.3...

8.1CVSS2.4AI score0.01919EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2020/01/30 12:0 a.m.8 views

WordPress RegistrationMagic plugin <= 4.6.0.1 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability found by Spider Sec Ltd. in WordPress RegistrationMagic plugin versions = 4.6.0.1. Solution Update the WordPress RegistrationMagic plugin to the latest available version at least 4.6.0.3...

3.6AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.18 views

RegistrationMagic Plugin for WordPress < 3.7.9.3 PHP Object Injection

According to its self-reported version, the RegistrationMagic Plugin for WordPress running on the remote web server is prior to 3.7.9.3. It is, therefore, affected by a PHP object injection vulnerability. An unauthenticated, remote attacker can exploit this to inject PHP objects, execute arbitrar...

6.5AI score
Exploits0References3
wpexploit
wpexploit
added 2017/12/10 12:0 a.m.14 views

RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated Reflected XSS security vulnerability. GET...

2.1AI score
Exploits0References2
wpexploit
wpexploit
added 2017/12/10 12:0 a.m.25 views

RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated SQL Injection security vulnerability. GET...

2.3AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2017/12/10 12:0 a.m.13 views

RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated SQL Injection

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated SQL Injection security vulnerability. PoC GET...

2.6AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2017/12/10 12:0 a.m.10 views

RegistrationMagic - Custom Registration Forms <= 3.8.0.4 - Authenticated Reflected XSS

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by a Custom Registration Forms = 3.8.0.4 - Authenticated Reflected XSS security vulnerability. PoC GET...

2.4AI score
Exploits0References2Affected Software1
Dsquare
Dsquare
added 2017/10/15 12:0 a.m.441 views

WordPress RegistrationMagic-Custom Registration Forms SQL Injection

SQL Injection vulnerability in WordPress RegistrationMagic-Custom Registration Forms plugin includes/classrmdbmanager.php Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

0.6AI score
Exploits0
Patchstack
Patchstack
added 2017/10/03 12:0 a.m.19 views

WordPress RegistrationMagic-Custom Registration Forms plugin <= 3.7.9.2 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability found by Matt Barry WordFence in WordPress RegistrationMagic-Custom Registration Forms plugin versions = 3.7.9.2. Solution Update the WordPress RegistrationMagic-Custom Registration Forms plugin to the latest available version at least 3.7.9.3...

3.3AI score
Exploits0References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2017/10/02 12:0 a.m.2 views

VulnCheck KEV: CVE-2017-20208

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 3.7.9.3 exclusive via deserialization of untrusted input from the isexpiredbydate function. This makes it...

9.8CVSS5.8AI score0.00644EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2017/10/02 12:0 a.m.16 views

RegistrationMagic-Custom Registration Forms <= 3.7.9.2 - Unauthenticated PHP Object Injection

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...

2.5AI score
Exploits0References2Affected Software1
Rows per page
Query Builder