Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-8435
CVE-2020-8435:
WordPress vulnerability analysis and mitigation
Overview
An issue was discovered in the RegistrationMagic plugin version 4.6.0.0 for WordPress. The vulnerability involves SQL injection via the rm_analytics_show_form rm_form_id parameter (CVE Details, Spider Security).
Technical details
The vulnerability exists in the form_id field which processes input from the front end without proper validation. The SQL injection vulnerability is triggered through the rm_form_id parameter in the URL. An example of the vulnerable URL pattern is: http://[site]/wp-admin/admin.php?page=rm_analytics_show_form&rm_form_id=(select*from(select(sleep(20)))a)&rm_tr=30. The issue affects the database query that selects browser statistics (Spider Security).
Impact
The most likely attack vectors include Denial of Service (DOS) or Information Disclosure if a successful phishing campaign is made against the administrator. The vulnerability could allow attackers to execute arbitrary SQL queries on the affected database (Spider Security).
Mitigation and workarounds
Users are advised to update to the latest version of RegistrationMagic plugin. The vulnerability was fixed in version 4.6.0.3 (WPScan).
Additional resources
Source: This report was generated using AI
Related WordPress vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management