WordPress Plugin Vulnerabilities

RegistrationMagic-Custom Registration Forms <= 3.7.9.2 - Unauthenticated PHP Object Injection

Description

The RegistrationMagic – Custom Registration Forms and User Login WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability.

Affects Plugins

Plugin icon
custom-registration-form-builder-with-submission-manager
Fixed in 3.7.9.3

References

URL
https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/
URL
https://plugins.trac.wordpress.org/changeset/1733274/custom-registration-form-builder-with-submission-manager

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
6d9880d6-d32b-4f4d-ad7c-d438e369c49c

Timeline

Publicly Published
2017-10-02 (about 6 years ago)
Added
2017-10-03 (about 6 years ago)
Last Updated
2019-11-01 (about 4 years ago)

Other

Published
Title
Published
2022-10-10
Title
Easy WP SMTP < 1.5.0 - Admin+ PHP Objection Injection
Published
2023-09-25
Title
NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization
Published
2024-04-09
Title
Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce < 2.6.4 - Authenticated (Admin+) PHP Object Injection
Published
2023-12-29
Title
ARI Stream Quiz < 1.3.1 - Authenticated (Contributor+) PHP Object Injection
Published
2018-10-11
Title
WooCommerce <= 3.4.5 - Authenticated Object Injection