CVE-2021-24862

Public Exploit

RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection

Description

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue

References

Link	Tags
https://wpscan.com/vulnerability/7d3af3b5-5548-419d-aa32-1f7b51622615	third party advisory exploit
http://packetstormsecurity.com/files/165746/WordPress-RegistrationMagic-V-5.0.1.5-SQL-Injection.html	exploit vdb entry third party advisory
https://github.com/Hacker5preme/Exploits/tree/main/Wordpress/CVE-2021-24862	third party advisory exploit

Frequently Asked Questions

What is the severity of CVE-2021-24862?: CVE-2021-24862 has been scored as a high severity vulnerability.
How to fix CVE-2021-24862?: To fix CVE-2021-24862, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-24862 being actively exploited in the wild?: It is possible that CVE-2021-24862 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~36% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-24862?: CVE-2021-24862 affects Unknown RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin.

Description

Category

CWE-89 – Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References

Frequently Asked Questions