#VU25804 Information disclosure in RegistrationMagic - Custom Registration Forms and User Login - CVE-2020-9458

 


Published: March 6, 2020


Vulnerability identifier: #VU25804
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-9458
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
RegistrationMagic - Custom Registration Forms and User Login
Software vendor:
Registrationmagic

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the "export" function lacks access control or a nonce check. A remote authenticated attacker can send a specially crafted request with the "rm_slug" $_POST parameter set to "rm_form_export", which causes the plugin to export every form on the site, including everything that has ever been submitted to any of these forms (though this does not include login credentials).
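
For defenders reviewing similar handlers, the sketch below shows the two checks the description says were missing, using standard WordPress functions. It is an added example, not RegistrationMagic's code or the vendor's patch; the "example_" functions, the nonce action and field names, and the choice of the manage_options capability are assumptions.

```php
<?php
// Added illustration, not plugin code. All "example_" names, the nonce
// action/field names and the required capability are assumptions.

const EXAMPLE_EXPORT_NONCE_ACTION = 'example_form_export';
const EXAMPLE_EXPORT_NONCE_FIELD  = 'example_export_nonce';

function example_handle_form_export() {
    // Dispatch on the slug parameter named in the advisory.
    $slug = isset( $_POST['rm_slug'] )
        ? sanitize_key( wp_unslash( $_POST['rm_slug'] ) )
        : '';
    if ( 'rm_form_export' !== $slug ) {
        return;
    }

    // Access control: a valid login is not enough. Only users holding an
    // administrative capability may export submitted form data.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to export forms.', 'Forbidden',
            array( 'response' => 403 ) );
    }

    // Nonce check: the request must carry the token rendered into the
    // export form, so it cannot be forged from another site or replayed
    // by a different user. check_admin_referer() dies on failure.
    check_admin_referer( EXAMPLE_EXPORT_NONCE_ACTION, EXAMPLE_EXPORT_NONCE_FIELD );

    example_export_all_forms();
    exit;
}
// admin_init also fires for requests to admin-ajax.php, so the hook alone
// does not restrict who reaches the handler; the checks above do.
add_action( 'admin_init', 'example_handle_form_export' );

// Rendered inside the admin-side export form so legitimate requests
// include the nonce the handler verifies.
function example_render_export_fields() {
    echo '<input type="hidden" name="rm_slug" value="rm_form_export" />';
    wp_nonce_field( EXAMPLE_EXPORT_NONCE_ACTION, EXAMPLE_EXPORT_NONCE_FIELD );
}

// Placeholder for the real export routine, which this example does not model.
function example_export_all_forms() {
    header( 'Content-Type: application/xml; charset=utf-8' );
    echo '<forms/>';
}
```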


Remediation

Install updates from the vendor's website.

External links