Vulnerabilities > CVE-2021-4073 - Unspecified vulnerability in Metagauss Registrationmagic
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identity validation in the social login function social_login_using_email() of the plugin. This affects versions equal to, and less than, 5.0.1.7.
Vulnerable Configurations
References
- https://plugins.trac.wordpress.org/changeset/2635173/custom-registration-form-builder-with-submission-manager/trunk/services/class_rm_user_services.php
- https://plugins.trac.wordpress.org/changeset/2635173/custom-registration-form-builder-with-submission-manager/trunk/services/class_rm_user_services.php
- https://www.wordfence.com/blog/2021/12/authentication-bypass-vulnerability-patched-in-user-registration-plugin/
- https://www.wordfence.com/blog/2021/12/authentication-bypass-vulnerability-patched-in-user-registration-plugin/
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-4073
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-4073