CVE-2021-24862: RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection
First published: Mon Jan 10 2022(Updated: )
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Metagauss Registrationmagic | <5.0.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-24862?
CVE-2021-24862 is a vulnerability in the RegistrationMagic WordPress plugin before version 5.0.1.6 that allows for SQL injection due to user input not being properly escaped in an AJAX action.
How severe is the CVE-2021-24862 vulnerability?
The severity of CVE-2021-24862 is rated as high with a CVSS score of 7.2.
How does CVE-2021-24862 affect the RegistrationMagic plugin?
CVE-2021-24862 affects the RegistrationMagic WordPress plugin before version 5.0.1.6, specifically in the rm_chronos_ajax action where user input is not properly escaped before being used in a SQL statement.
What is the affected software for CVE-2021-24862?
The affected software for CVE-2021-24862 is the RegistrationMagic WordPress plugin before version 5.0.1.6.
Is there a fix available for CVE-2021-24862?
Yes, the fix for CVE-2021-24862 is to update the RegistrationMagic WordPress plugin to version 5.0.1.6 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/title
- agent/severity
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/metagauss
- canonical/metagauss registrationmagic