PT-2021-22951 · WordPress · Registrationmagic

Ayecode Ltd · Published 2021-12-14 · Updated 2025-12-03 · CVE-2021-4073

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RegistrationMagic WordPress plugin versions prior to 5.0.1.7

Description

The issue allows unauthenticated users to log in as any site user, including administrators, if they know a valid username on the site. This is due to missing identity validation in the plugin's social_login_using_email() function.

Recommendations

For versions prior to 5.0.1.7, update to version 5.0.1.7 or later to resolve the issue. As a temporary workaround, consider disabling the social_login_using_email() function until a patch is available. Restrict access to the social login feature to minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers: CVE-2021-4073

Affected Products: Registrationmagic