Vulnerability Description
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers, with administrator-level permissions and above, to change user passwords and potentially take over super-administrator accounts in multisite setup.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Metagauss | Registrationmagic | <= 5.2.0.5 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-withPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bfbc406b-49af-419e-adeThird Party Advisory
- https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-withPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bfbc406b-49af-419e-adeThird Party Advisory
FAQ
What is CVE-2023-2548?
CVE-2023-2548 is a vulnerability with a CVSS score of 6.6 (MEDIUM). The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to o...
How severe is CVE-2023-2548?
CVE-2023-2548 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-2548?
Check the references section above for vendor advisories and patch information. Affected products include: Metagauss Registrationmagic.