SQL Injection Vulnerability in RegistrationMagic Plugin for WordPress
CVE-2020-8435

8.1HIGH

Key Information:

Vendor
Wordpress
Status
Registrationmagic
Vendor
CVE Published:
12 March 2020

Summary

A vulnerability was identified in the RegistrationMagic plugin version 4.6.0.0 for WordPress, where an SQL injection flaw exists through the 'rm_analytics_show_form' rm_form_id parameter. This allows attackers to manipulate SQL queries by injecting arbitrary SQL code, potentially leading to unauthorized access to the database. Users of the affected plugin should apply patches or updates promptly to safeguard against potential exploitation.

References

https://Spider-security.co.uk
x_refsource_MISC
https://wordpress.org/plugins/custom-registration-form-bu...
x_refsource_MISC
https://spider-security.co.uk/blog-cve-2020-8435
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.