
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2020-8436 is a security vulnerability discovered in the RegistrationMagic WordPress plugin version 4.6.0.0. The vulnerability was identified and reported by Spider Sec Ltd on January 30, 2020. It involves multiple Cross-Site Scripting (XSS) vulnerabilities that could be exploited via the rm_form_id, rm_tr, or form_name parameters (Spider Security Blog).
The vulnerability allows for both stored and reflected XSS attacks through multiple parameters including rm_form_id, form_name, and Textarea_ fields. The issue stems from inadequate validation of user input in various parts of the application where parameter values are processed without proper security checks. The vulnerability has a CVSS score of 6.1 (medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (WPScan).
An unauthenticated attacker could inject malicious scripts into the application, which would then execute in the administrator's browser context. This could lead to theft of session tokens and compromise of administrative access to the site (Spider Security Blog).
Users are advised to update to RegistrationMagic version 4.6.0.3 or later, which contains patches for these vulnerabilities (WPScan).
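A log check for the parameters named above, added here as an example and not taken from the plugin or the cited advisories: it flags access-log requests whose rm_form_id, rm_tr, form_name or Textarea_-prefixed query parameters decode to HTML metacharacters. The log lines, request paths and the metacharacter rule are constructed assumptions; values sent in POST bodies do not appear in access logs and need request-body logging instead.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameter names from the advisory; "Textarea_" is treated as a name prefix.
WATCHED = {"rm_form_id", "rm_tr", "form_name"}
WATCHED_PREFIXES = ("Textarea_",)
# Assumption: these characters have no business in a form id or form name.
MARKUP = re.compile("[<>\"'`]")
# Request line of a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Jan/2020:10:00:00 +0000] "GET /wp-admin/admin.php?page=placeholder&rm_form_id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [30/Jan/2020:10:00:05 +0000] "GET /wp-admin/admin.php?page=placeholder&rm_form_id=12%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [30/Jan/2020:10:00:09 +0000] "GET /?form_name=%253Cb%253E HTTP/1.1" 200 812',
    '203.0.113.7 - - [30/Jan/2020:10:00:12 +0000] "GET /?s=%3Cb%3E HTTP/1.1" 200 640',
]

def decode_fully(value, rounds=3):
    """Undo nested URL-encoding (e.g. %253C -> %3C -> <), with a bounded loop."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched parameters carrying markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    hits = []
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in WATCHED or name.startswith(WATCHED_PREFIXES):
            decoded = decode_fully(value)
            if MARKUP.search(decoded):
                hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := suspicious_params(line))]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, hits)
```

A hit shows that markup was submitted in one of these parameters, not that it was rendered; whether it could execute depends on the installed plugin version.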
Source: This report was generated using AI