3 matches found
CVE-2023-2499
RegistrationMagic (WordPress) is affected up to version 5.2.1.0 with an authentication bypass via Google social login due to insufficient verification of the targeted user. Unauthenticated attackers could log in as any existing user (e.g., admin) if they can access the user’s email. CVSS v3.1 bas...
CVE-2023-2499 RegistrationMagic <= 5.2.1.0 - Authentication Bypass
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to...
WordPress RegistrationMagic Plugin <= 5.2.1.0 is vulnerable to Broken Authentication
Software RegistrationMagic Type Plugin Vulnerable versions = 5.2.1.0 Fixed in 5.2.1.1 OWASP Top 10 A2: Broken Authentication Classification Broken Authentication CVE CVE-2023-2499 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID f084db8412d3 Credits Lana Codes Required...