Lucene search
K

453 matches found

Cvelist
Cvelist
added 2023/05/16 8:40 a.m.17 views

CVE-2023-2548 RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible f...

6.6CVSS7AI score0.00718EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/05/16 8:40 a.m.23 views

CVE-2023-2499 RegistrationMagic <= 5.2.1.0 - Authentication Bypass

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to...

9.8CVSS9.7AI score0.01312EPSS
Exploits0References3
CVE
CVE
added 2023/05/16 8:40 a.m.47 views

CVE-2023-2499

RegistrationMagic (WordPress) is affected up to version 5.2.1.0 with an authentication bypass via Google social login due to insufficient verification of the targeted user. Unauthenticated attackers could log in as any existing user (e.g., admin) if they can access the user’s email. CVSS v3.1 bas...

9.8CVSS9.5AI score0.01312EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/05/16 8:40 a.m.49 views

CVE-2023-2548

CVE-2023-2548 affects the WordPress plugin RegistrationMagic (versions up to 5.2.0.5). The root cause is Insecure Direct Object References, where the plugin exposes user-controlled objects, allowing an authenticated admin+ to bypass authorization and access system resources. Impact: an attacker w...

7.2CVSS7.3AI score0.00718EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/16 8:40 a.m.8 views

CVE-2023-2499 RegistrationMagic <= 5.2.1.0 - Authentication Bypass

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to...

9.8CVSS7.2AI score0.01312EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/05/16 12:0 a.m.8 views

WordPress RegistrationMagic Plugin <= 5.2.1.0 is vulnerable to Broken Authentication

Software RegistrationMagic Type Plugin Vulnerable versions = 5.2.1.0 Fixed in 5.2.1.1 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2499 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f084db8412d3 Credits Lana Codes Required...

9.8CVSS6.5AI score0.01312EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.2 views

WordPress plugin RegistrationMagic 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS8.4AI score0.01312EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/16 12:0 a.m.6 views

WordPress plugin RegistrationMagic 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

7.2CVSS7.6AI score0.00718EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/16 12:0 a.m.5 views

PT-2023-20098 · WordPress · Registrationmagic

Name of the Vulnerable Software and Affected Versions: RegistrationMagic plugin for WordPress versions up to, and including, 5.2.0.5 Description: The issue allows authenticated attackers with administrator-level permissions and above to bypass authorization and access system resources due to...

7.2CVSS7.3AI score0.00718EPSS
Exploits0References4
NVD
NVD
added 2023/03/13 2:15 p.m.13 views

CVE-2023-25991

Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic plugin = 5.1.9.2 versions...

8.8CVSS6.5AI score0.00248EPSS
Exploits0References1
OSV
OSV
added 2023/03/13 2:15 p.m.2 views

CVE-2023-25991

Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic plugin = 5.1.9.2 versions...

8.8CVSS7.3AI score0.00248EPSS
Exploits0References1
Prion
Prion
added 2023/03/13 2:15 p.m.20 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic plugin = 5.1.9.2 versions...

6.8CVSS8.7AI score0.00248EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/13 1:58 p.m.7 views

CVE-2023-25991 WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic plugin = 5.1.9.2 versions...

5.4CVSS8.9AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/13 1:58 p.m.16 views

CVE-2023-25991 WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in RegistrationMagic plugin = 5.1.9.2 versions...

5.4CVSS9AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 2023/03/13 1:58 p.m.38 views

CVE-2023-25991

CVE-2023-25991 is a CSRF vulnerability in the WordPress plugin RegistrationMagic, affected versions

8.8CVSS7.2AI score0.00248EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.3 views

PT-2023-20416 · WordPress · Registrationmagic

Name of the Vulnerable Software and Affected Versions: RegistrationMagic plugin versions = 5.1.9.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...

8.8CVSS8.8AI score0.00248EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/13 12:0 a.m.3 views

WordPress plugin RegistrationMagic 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS8.2AI score0.00248EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/02/17 12:0 a.m.12 views

WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software RegistrationMagic Type Plugin Vulnerable versions = 5.1.9.2 Fixed in 5.1.9.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25991 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 48a51a4ffc71 Credits Rafshanzani...

8.8CVSS6.7AI score0.00248EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/01/20 12:0 a.m.13 views

WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Content Injection

Software RegistrationMagic Type Plugin Vulnerable versions = 5.1.9.2 Fixed in 5.1.9.3 OWASP Top 10 A1: Injection Classification Content Injection CVE CVE-2023-23989 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 54c74a7cedb6 Credits yuyudhn Required privilege...

6.5CVSS7.2AI score0.00358EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/01/20 12:0 a.m.11 views

WordPress RegistrationMagic Plugin <= 5.1.9.2 is vulnerable to Other Vulnerability Type

Software RegistrationMagic Type Plugin Vulnerable versions = 5.1.9.2 Fixed in 5.1.9.3 OWASP Top 10 A6: Security Misconfiguration Classification Other Vulnerability Type CVE CVE-2023-23976 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID f7bad77a6622 Credits yuyudhn Requir...

7.5CVSS6.8AI score0.00459EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder