CVE-2020-9457
First published: Fri Mar 06 2020(Updated: )
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users (with minimal privileges) to import custom vulnerable forms and change form settings via class_rm_form_settings_controller.php, resulting in privilege escalation.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Metagauss Registrationmagic | <=4.6.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-9457?
CVE-2020-9457 is a vulnerability in the RegistrationMagic plugin for WordPress that allows remote authenticated users to import custom vulnerable forms and change form settings, leading to privilege escalation.
What is the severity of CVE-2020-9457?
The severity of CVE-2020-9457 is rated as high with a CVSS severity score of 8.8.
How does CVE-2020-9457 affect me?
If you are using the RegistrationMagic plugin for WordPress version up to and including 4.6.0.3, you are affected by CVE-2020-9457.
How do I fix CVE-2020-9457?
To fix CVE-2020-9457, you should update the RegistrationMagic plugin to the latest version, which includes the necessary security patches.
Where can I find more information about CVE-2020-9457?
You can find more information about CVE-2020-9457 on the WordPress plugin page and the WPScan Vulnerability Database.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/metagauss
- canonical/metagauss registrationmagic
- version/metagauss registrationmagic/4.6.0.3