Cross-site Scripting Vulnerability Affects Metagauss RegistrationMagic
CVE-2023-23989

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Registrationmagic
Vendor: CVE Published:; 24 April 2024

What is CVE-2023-23989?

A cross-site scripting vulnerability exists in RegistrationMagic, a plugin developed by Metagauss for WordPress. This vulnerability arises from improper neutralization of user input during web page generation, allowing attackers to inject malicious scripts into webpages displayed to users. Exploitation of this flaw can lead to unauthorized access, data theft, and diminished user trust. Security updates and best practices are essential to mitigate such risks and protect web applications.

Affected Version(s)

RegistrationMagic <= 5.1.9.2

References

https://patchstack.com/database/vulnerability/custom-regi...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2024
Vulnerability Reserved
Jan 20, 2023

Credit

yuyudhn (Patchstack Alliance)