CVE-2023-47645

Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-2-6-delete-form-submission-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2023-11-30 14:15

Updated : 2023-12-05 19:33

NVD link : CVE-2023-47645

Mitre link : CVE-2023-47645

CVE.ORG link : CVE-2023-47645

JSON object : View

Products Affected

metagauss

registrationmagic

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2023-47645", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-11-30T14:15:10.200", "references": [{"url": "https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-2-6-delete-form-submission-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login allows Cross Site Request Forgery.This issue affects RegistrationMagic \u2013 Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.2.6.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en RegistrationMagic RegistrationMagic: formularios de registro personalizados, registro de usuario, pago e inicio de sesi\u00f3n de usuario permite la Cross-Site Request Forgery. Este problema afecta a RegistrationMagic: formularios de registro personalizados, registro de usuario, pago e inicio de sesi\u00f3n de usuario: desde n/a hasta 5.2.2.6."}], "lastModified": "2023-12-05T19:33:01.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B9305F3B-FE78-4C87-8677-FA2D958A764C", "versionEndExcluding": "5.2.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}