RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login, CVE-2023-2548

CVE, Research URL: CVE-2023-2548
Home page URL: Security reports for RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Application: RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login
Published on: May 16, 2023
Research Description: The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers, with administrator-level permissions and above, to change user passwords and potentially take over super-administrator accounts in multisite setup.
Affected versions: max 5.2.4.2.
Status: vulnerable

RegistrationMagic &#8211; Custom Registration Forms, User Registration, Payment, and User Login, CVE-2023-2548