8 matches found
CVE-2021-24862
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rmchronosajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue...
Wordpress RegistrationMagic Task_ids Authenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress RegistrationMagic taskids Authenticated SQLi', 'Description' = %q RegistrationMagic, a WordPress plugin, prior to 5.0.1.5 is affected b...
Metasploit Wrap-Up
Wordpress Exploitation Returns What's life without a little WordPress exploitation? Courtesy of Hacker5preme aka Ron Jost and h00die, we now have an exploit for CVE-2021-24862, a bug in the RestorationMagic WordPress plugin prior to 5.0.1.6 whereby user input was not properly escaped in the...
WordPress RegistrationMagic V 5.0.1.5 SQL Injection
Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection Authenticated Date 23.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://registrationmagic.com/ Software Link:...
WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection (Authenticated)
Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection Authenticated Date 23.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://registrationmagic.com/ Software Link:...
WordPress RegistrationMagic V 5.0.1.5 Plugin- SQL Injection Exploit
Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection Authenticated Date 23.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://registrationmagic.com/ Software Link:...
CVE-2021-24862
creationtimestamp| type| source ---|---|--- 2022-01-10 18:15:08+00:00| seen| https://t.me/cibsecurity/35191 2022-02-02 16:09:06+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wpregistrationmagicsqli.rb 2025-02-06 03:13:45+00:00| seen|...
CVE-2021-24862
CVE-2021-24862 affects WordPress plugin RegistrationMagic prior to 5.0.1.6. The vulnerability arises from the rm_chronos_ajax action not escaping user input before inserting it into a SQL statement during batch duplication of tasks, enabling authenticated SQL injection. Impact per linked docs inc...