CVE-2020-8435 — HIGH (8.1) — White Hats Nepal

Vulnerability Description

An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Metagauss	Registrationmagic	4.6.0.0

Related Weaknesses (CWE)

CWE-89

References

https://Spider-security.co.ukThird Party Advisory
https://spider-security.co.uk/blog-cve-2020-8435ExploitThird Party Advisory
https://wordpress.org/plugins/custom-registration-form-builder-with-submission-mRelease Notes
https://Spider-security.co.ukThird Party Advisory
https://spider-security.co.uk/blog-cve-2020-8435ExploitThird Party Advisory
https://wordpress.org/plugins/custom-registration-form-builder-with-submission-mRelease Notes

FAQ

What is CVE-2020-8435?

CVE-2020-8435 is a vulnerability with a CVSS score of 8.1 (HIGH). An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter.

How severe is CVE-2020-8435?

CVE-2020-8435 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8435?

Check the references section above for vendor advisories and patch information. Affected products include: Metagauss Registrationmagic.