CVE-2020-9454

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
metagaussregistrationmagic
𝑥
≤ 4.6.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers
https://wpvulndb.com/vulnerabilities/10116
https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/
https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/#developers
https://wpvulndb.com/vulnerabilities/10116
https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/