CSRF Vulnerability in RegistrationMagic Plugin for WordPress Allows Remote Attackers to Forge Requests and Gain Administrative Privileges

CSRF Vulnerability in RegistrationMagic Plugin for WordPress Allows Remote Attackers to Forge Requests and Gain Administrative Privileges

CVE-2020-9454 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.

Learn more about our Wordpress Pen Testing.