WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection
CVE-2023-50846

7.6HIGH

Key Information:

Vendor

WordPress
Status
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Vendor
CVE Published:
28 December 2023

What is CVE-2023-50846?

A vulnerability exists in RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login due to improper neutralization of special elements in SQL commands. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized data access and manipulation. All versions from n/a up to 5.2.4.5 are impacted, making it crucial for users to apply necessary patches and updates to safeguard their applications.

Affected Version(s)

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.2.4.5

References

https://patchstack.com/database/vulnerability/custom-regi...
vdb-entry

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhammad Daffa (Patchstack Alliance)
.
CVE-2023-50846 : WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection