5 matches found
WordPress RegistrationMagic plugin < 6.0.2.1 - Stored XSS vulnerability
Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin RegistrationMagic versions 6.0.2.1...
CVE-2024-9390
The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9390
CVE-2024-9390 affects the WordPress plugin RegistrationMagic prior to version 6.0.2.1. The issue arises because the plugin does not sanitize and escape several settings, allowing high-privilege users (e.g., admins) to perform Stored XSS even when unfiltered_html is disallowed (such as in multisit...
CVE-2024-9390 RegistrationMagic < 6.0.2.1 - Stored XSS
The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9390 RegistrationMagic < 6.0.2.1 - Stored XSS
The RegistrationMagic WordPress plugin before 6.0.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...