CVE-2020-9457
Last modified
CVE-2020-9457 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.. EPSS estimates a 2.53% chance of exploitation in the next 30 days.
Description
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Metagauss | Registrationmagic | <= 4.6.0.3 |
References
- https://wpvulndb.com/vulnerabilities/10116Third Party Advisory
- https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/Exploit, Third Party Advisory
- https://wpvulndb.com/vulnerabilities/10116Third Party Advisory
- https://www.wordfence.com/blog/2020/03/multiple-vulnerabilities-patched-in-registrationmagic-plugin/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-9457?
How severe is CVE-2020-9457?
How do I fix CVE-2020-9457?
Are you affected by CVE-2020-9457?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST