Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-2499
HistoryMay 16, 2023 - 9:15 a.m.

Authentication flaw

2023-05-1609:15:00
PRIOn knowledge base
www.prio-n.com
2
registrationmagic
authentication bypass
google social login
unauthenticated attackers
site security

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.2%

JSON

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

CPENameOperatorVersion
registrationmagicle5.2.1.0

Related

nvd 1
cvelist 1
cve 1
wordfence 2
nvd
nvd
CVE-2023-2499
2023-05-16 09:15:09
cvelist
cvelist
CVE-2023-2499
2023-05-16 08:40:01
cve
cve
CVE-2023-2499
2023-05-16 09:15:09
wordfence
wordfence
2023’s Critical WordPress Vulnerabilities and How They Work
2024-02-12 19:11:21
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 15, 2023 to May 21, 2023)
2023-05-25 13:11:33

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.2%

JSON
Related for PRION:CVE-2023-2499
nvd1cvelist1cve1wordfence2