Описание
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
Ссылки
- Third Party Advisory
- Third Party Advisory
- https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.6.0.3 (включая)
cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 83%
0.01959
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
github
больше 3 лет назад
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the user controller allows remote authenticated users (with minimal privileges) to elevate their privileges to administrator via class_rm_user_controller.php rm_user_edit.
EPSS
Процентиль: 83%
0.01959
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-862