Registration Magic < 4.6.0.3 - Multiple Cross-Site Scripting (XSS)



Description
The plugin is affected by an unauthenticated Stored XSS on the Contact Form which could allow attacks against administrators viewing the submissions. As well as multiple reflected XSS.

Affects Plugin

References

CVE 2020-8435
URL https://spider-security.co.uk/blog-cve-2020-8435

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Spider Sec Ltd
Views 1106
Verified No
WPVDB ID 10083

Timeline

Publicly Published 2020-01-30 (6 months ago)
Added 2020-02-23 (5 months ago)
Last Updated 2020-02-24 (5 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin