Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login 5.2.4.6

  • Severity: medium-risk
  • Status: Fixed
  • Publication: December 21, 2023

The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress has a security issue in all versions up to and including 5.2.4.5. This issue allows an attacker, with administrator access or higher, to extract sensitive information from the database. This is done by taking advantage of insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query.

Detected in:

Registration Forms by RegistrationMagic – Custom User Registration for WordPress fixed vulnerable versions:
RegistrationMagic – Custom Registration Forms, User Registration, Payment and User Login fixed vulnerable versions:
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login fixed vulnerable versions: >= * < 5.2.4.6
RegistrationMagic – Custom User Registration Forms fixed vulnerable versions:
RegistrationMagic – Custom User Registration Forms Plugin fixed vulnerable versions:
RegistrationMagic – Custom User Registration Forms, Payment Forms, and User Login fixed vulnerable versions:
RegistrationMagic – User Registration Plugin with Custom Registration Forms fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.