CVE-2017-20208

Name of the Vulnerable Software and Affected Versions RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress versions prior to 3.7.9.3

Description The RegistrationMagic plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the is expired by date() function. This allows unauthenticated attackers to inject a PHP Object. The presence of a PHP Object Payload (POP) chain enables attackers to retrieve and install a remote file on the affected site.

Recommendations Update the RegistrationMagic plugin to version 3.7.9.3 or later.