CVE-2024-1990: 
WordPress vulnerability analysis and mitigation

The RegistrationMagic WordPress plugin (Custom Registration Forms, User Registration, Payment, and User Login) contains a blind SQL Injection vulnerability in versions up to and including 5.3.1.0. The vulnerability exists in the 'id' parameter of the RM_Form shortcode due to insufficient escaping of user-supplied parameters and inadequate SQL query preparation (NVD).

The vulnerability is classified as CWE-89 (SQL Injection) and has received a CVSS v3.1 Base Score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The issue stems from improper neutralization of special elements used in SQL commands within the RM_Form shortcode implementation. The vulnerability allows authenticated users with contributor-level access or higher to append additional SQL queries to existing queries (NVD).

When exploited, this vulnerability enables authenticated attackers to extract sensitive information from the database. The high CVSS score indicates that successful exploitation could lead to significant data breaches and potential system compromise (NVD).

Users should upgrade to version 5.3.2.0 or later of the RegistrationMagic plugin, which contains the security fix for this vulnerability (NVD).