Описание
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view.
Ссылки
- Third Party Advisory
- Third Party Advisory
- https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.6.0.3 (включая)
cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 43%
0.00208
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
github
больше 3 лет назад
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to send arbitrary emails on behalf of the site via class_rm_user_services.php send_email_user_view.
EPSS
Процентиль: 43%
0.00208
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862