Description
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.
References
- Third Party Advisory
- Third Party Advisory
- https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/ (Exploit, Third Party Advisory)
Vulnerable configurations
Configuration 1: versions up to and including 4.6.0.3
cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*
EPSS: 0.00569 (Low), percentile: 68%
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-352
Related vulnerabilities
github
more than 3 years ago
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.