Описание
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
Ссылки
- Third Party Advisory
- Third Party Advisory
- https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/ExploitThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.6.0.3 (включая)
cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 73%
0.00792
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
github
больше 3 лет назад
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
EPSS
Процентиль: 73%
0.00792
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-862