← back
CVE-2021-24862

RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection

EPSS 73.3%CWE-89
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
Affected products
Unknown · RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin
public PoCs found2
cve_referencepacketstormsecurity.com/files/165746/WordPress-RegistrationMagic-V-5.0.1.5-SQL-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50686unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/165746/WordPress-RegistrationMagic-V-5.0.1.5-SQL-Injection.htmlhttps://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-24862https://wpscan.com/vulnerability/7d3af3b5-5548-419d-aa32-1f7b51622615