WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection
CVE-2023-50846
7.6HIGH
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 28 December 2023
Summary
A vulnerability exists in RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login due to improper neutralization of special elements in SQL commands. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized data access and manipulation. All versions from n/a up to 5.2.4.5 are impacted, making it crucial for users to apply necessary patches and updates to safeguard their applications.
Affected Version(s)
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.2.4.5
References
CVSS V3.1
Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Muhammad Daffa (Patchstack Alliance)