2 matches found
CVE-2024-1990
The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to blind SQL Injection via the ‘id’ parameter of the RMForm shortcode in all versions up to, and including, 5.3.1.0 due to insufficient escaping on the user supplied...
WordPress RegistrationMagic Plugin <= 5.3.1.0 is vulnerable to SQL Injection
Software RegistrationMagic Type Plugin Vulnerable versions = 5.3.1.0 Fixed in 5.3.2.0 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-1990 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 5de1df9c9f57 Credits Krzysztof Zając - CERT PL Required privilege...