Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-4073
HistoryDec 14, 2021 - 4:15 p.m.

CVE-2021-4073

2021-12-1416:15:09
CWE-287
[email protected]
web.nvd.nist.gov
19
registrationmagic
wordpress
plugin
vulnerability
unauthenticated login
security
cve-2021-4073
nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.4%

JSON

The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. This affects versions equal to, and less than, 5.0.1.7.

Affected configurations

Vulners
NVD
Node
registrationmagicregistrationmagicRange5.0.1.75.0.1.7

CNA Affected

[
  {
    "product": "RegistrationMagic",
    "vendor": "RegistrationMagic",
    "versions": [
      {
        "lessThanOrEqual": "5.0.1.7",
        "status": "affected",
        "version": "5.0.1.7",
        "versionType": "custom"
      }
    ]
  }
]

Related

cnvd 1
wordfence 1
nvd 1
cvelist 1
patchstack 1
prion 1
cnvd
cnvd
WordPress RegistrationMagic plugin authorization problem vulnerability
2021-12-19 00:00:00
wordfence
wordfence
Authentication Bypass Vulnerability Patched in User Registration Plugin
2021-12-08 15:05:44
nvd
nvd
CVE-2021-4073
2021-12-14 16:15:09
cvelist
cvelist
CVE-2021-4073 RegistrationMagic <= 5.0.1.7 Authentication Bypass
2021-12-08 00:00:00
patchstack
patchstack
WordPress RegistrationMagic plugin <= 5.0.1.7 - Authentication Bypass vulnerability
2021-12-08 00:00:00
prion
prion
Design/Logic Flaw
2021-12-14 16:15:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.4%

JSON
Related for CVE-2021-4073
cnvd1wordfence1nvd1cvelist1patchstack1prion1