CVE-2020-9454

HIGH

RegistrationMagic < 4.6.0.3 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploads via forms.

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.0109
EPSS Percentile 61.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
metagauss/registrationmagic < 4.6.0.3
Published Mar 06, 2020
Tracked Since Feb 18, 2026