RegistrationMagic WordPress Plugin SQL Injection Vulnerability

A SQL injection vulnerability has been identified in the RegistrationMagic WordPress plugin, specifically in the Custom Registration Forms, User Registration, Payment, and User Login components, affecting all versions through 6.0.6.2. The vulnerability arises from inadequate escaping of user-supplied data and insufficient preparation of SQL queries, allowing authenticated attackers with administrator privileges to inject additional SQL commands. This exploitation could lead to unauthorized access to sensitive database information. Furthermore, an unauthenticated attacker could inject cross-site scripting (XSS) payloads via the user-agent, potentially causing reflected XSS attacks.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to extract sensitive information from the database. Additionally, the vulnerability could be leveraged to perform reflected cross-site scripting attacks.

Reproduction

To reproduce this vulnerability, an authenticated user with administrator access can submit a form using the RegistrationMagic plugin. During the submission, inject a SQL payload into a user-supplied parameter that is not properly escaped. This can be done by exploiting the 'Reports' feature of the plugin, which processes form data and submissions. After the form is submitted, the injected SQL query can be executed, potentially leading to unauthorized data access.

Remediation

Users are advised to update the RegistrationMagic WordPress plugin to version 6.0.6.3 or later.