PT-2023-19852 · WordPress · Registrationmagic

István Márton

Publicado

2023-05-16

Atualizado

2023-05-22

CVE-2023-2499

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions RegistrationMagic plugin for WordPress versions up to, and including, 5.2.1.0

Description The issue is related to authentication bypass due to insufficient verification during a Google social login. This allows unauthenticated attackers to log in as any existing user, including administrators, if they have access to the email.

Recommendations For versions up to, and including, 5.2.1.0, update to a version that includes the necessary verification for Google social login to prevent authentication bypass.

Correção

Improper Authentication

Authentication Bypass Using an Alternate Path or Channel

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287CWE-288

Identificadores relacionados

CVE-2023-2499

Produtos afetados

Registrationmagic

PT-2023-19852 · WordPress · Registrationmagic

CVE-2023-2499

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6