453 matches found
CVE-2023-2548 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...
CVE-2023-2499 RegistrationMagic <= 5.2.1.0 - Authentication Bypass
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to...
CVE-2023-2499
RegistrationMagic (WordPress) is affected up to version 5.2.1.0 with an authentication bypass via Google social login due to insufficient verification of the targeted user. Unauthenticated attackers could log in as any existing user (e.g., admin) if they can access the user’s email. CVSS v3.1 bas...
CVE-2023-2548
CVE-2023-2548 affects the WordPress plugin RegistrationMagic (versions up to 5.2.0.5). The root cause is Insecure Direct Object References, where the plugin exposes user-controlled objects, allowing an authenticated admin+ to bypass authorization and access system resources. Impact: an attacker w...
CVE-2023-2499 RegistrationMagic <= 5.2.1.0 - Authentication Bypass
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to...
WordPress RegistrationMagic Plugin <= 5.2.1.0 is vulnerable to Broken Authentication
Software RegistrationMagic Type Plugin Vulnerable versions = 5.2.1.0 Fixed in 5.2.1.1 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2499 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f084db8412d3 Credits Lana Codes Required...
WordPress plugin RegistrationMagic 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin RegistrationMagic 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-20098 · WordPress · Registrationmagic
Name of the Vulnerable Software and Affected Versions: RegistrationMagic plugin for WordPress versions up to, and including, 5.2.0.5 Description: The issue allows authenticated attackers with administrator-level permissions and above to bypass authorization and access system resources due to...
CVE-2023-25991
Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic plugin = 5.1.9.2 versions...
CVE-2023-25991
Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic plugin = 5.1.9.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic plugin = 5.1.9.2 versions...
CVE-2023-25991 WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic plugin = 5.1.9.2 versions...
CVE-2023-25991 WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic plugin = 5.1.9.2 versions...
CVE-2023-25991
CVE-2023-25991 is a CSRF vulnerability in the WordPress plugin RegistrationMagic, affected versions
PT-2023-20416 · WordPress · Registrationmagic
Name of the Vulnerable Software and Affected Versions: RegistrationMagic plugin versions = 5.1.9.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...
WordPress plugin RegistrationMagic 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software RegistrationMagic Type Plugin Vulnerable versions = 5.1.9.2 Fixed in 5.1.9.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25991 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 48a51a4ffc71 Credits Rafshanzani...
WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Content Injection
Software RegistrationMagic Type Plugin Vulnerable versions = 5.1.9.2 Fixed in 5.1.9.3 OWASP Top 10 A1: Injection Classification Content Injection CVE CVE-2023-23989 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 54c74a7cedb6 Credits yuyudhn Required privilege...
WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Other Vulnerability Type
Software RegistrationMagic Type Plugin Vulnerable versions = 5.1.9.2 Fixed in 5.1.9.3 OWASP Top 10 A6: Security Misconfiguration Classification Other Vulnerability Type CVE CVE-2023-23976 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID f7bad77a6622 Credits yuyudhn Requir...