Medium severity6.6NVD Advisory· Published May 16, 2023· Updated Apr 8, 2026
CVE-2023-2548
CVE-2023-2548
Description
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers, with administrator-level permissions and above, to change user passwords and potentially take over super-administrator accounts in multisite setup.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*Range: <=5.2.0.5
- Range: <=5.2.0.5
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.