Privilege Escalation via Custom Form Import in RegistrationMagic Plugin for WordPress

CVE-2020-9457 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
