WordPress Plugin Vulnerabilities

Registration Magic < 4.6.0.3 - Multiple Cross-Site Scripting (XSS)

Description

The plugin is affected by an unauthenticated Stored XSS on the Contact Form which could allow attacks against administrators viewing the submissions. As well as multiple reflected XSS.

Affects Plugins

Plugin icon
custom-registration-form-builder-with-submission-manager
Fixed in 4.6.0.3

References

CVE
CVE-2020-8435
URL
https://spider-security.co.uk/blog-cve-2020-8435

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.1 (high)

Miscellaneous

Original Researcher
Spider Sec Ltd
Verified
No
WPVDB ID
fad8f81c-0af6-45c2-946e-da134c0be12d

Timeline

Publicly Published
2020-01-30 (about 4 years ago)
Added
2020-02-23 (about 4 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2024-02-02
Title
Mighty Addons for Elementor <= 1.9.3 - Reflected Cross-Site Scripting
Published
2024-03-29
Title
Unlimited Elements For Elementor < 1.5.97 - Contributor+ Stored XSS
Published
2020-10-29
Title
Greenmart < 2.5.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2024-03-08
Title
EventPrime – Events Calendar, Bookings and Tickets < 3.4.4 - Unauthenticated Stored Cross-Site Scripting
Published
2023-04-12
Title
Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS