Incorrect Default Permissions vulnerability Affects RegistrationMagic
CVE-2023-23976

7.5HIGH

Key Information:

Vendor: WordPress
Status: Registrationmagic
Vendor: CVE Published:; 24 April 2024

What is CVE-2023-23976?

A vulnerability exists in the Metagauss RegistrationMagic plugin, where incorrect default permissions compromise access control mechanisms. This flaw enables unauthorized users to access functionalities that should be restricted, leading to potential misuse and security breaches. The issue affects all versions of RegistrationMagic up to and including version 5.1.9.2, emphasizing the need for immediate attention and remediation in web security protocols.

Affected Version(s)

RegistrationMagic <= 5.1.9.2

References

https://patchstack.com/database/vulnerability/custom-regi...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2024
Vulnerability Reserved
Jan 20, 2023

Credit

yuyudhn (Patchstack Alliance)

WordPress

What is CVE-2023-23976?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit