Security Advisory

CVE-2020-9454

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-03-06 18:43:13

Last updated 2024-08-04 10:26:16

Assigner mitre

State PUBLISHED

Description

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.

← Browse all CVEs View on cve.org ↗