CVE-2021-24648

Name of the Vulnerable Software and Affected Versions RegistrationMagic WordPress plugin versions prior to 5.0.1.9

Description The issue concerns a Reflected Cross-Site Scripting problem. It arises because the rm search value parameter is not properly sanitised and escaped before being outputted back in an attribute. This lack of sanitisation and escaping can lead to malicious script execution.

Recommendations For versions prior to 5.0.1.9, update to version 5.0.1.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected parameter rm search value to minimize the risk of exploitation.