CVE-2020-9458

HIGH

RegistrationMagic < 4.6.0.3 - Authenticated Unauthorized Data Export via Export Function

Title source: llm
STIX 2.1

Description

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users (with minimal privileges) to export submitted form data and settings via class_rm_form_controller.php rm_form_export.

References (3)

Core 3

Scores

CVSS v3 8.8
EPSS 0.0251
EPSS Percentile 82.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (1)
metagauss/registrationmagic < 4.6.0.3
Published Mar 06, 2020
Tracked Since Feb 18, 2026