WordPress Plugin Vulnerabilities

Registration Magic < 5.0.1.8 - Authentication Bypass

Description

The plugin has a bug in the social login code, making it possible for unauthenticated users to login as any account, including admins, knowing only their email address or username and using a login form created with the plugin.

Note: The issue was reported to us in August 2021 and we notify the vendor about it, however Wordfence found it as well in September and disclosed it before us.

Proof of Concept

Affects Plugins

Plugin icon
custom-registration-form-builder-with-submission-manager
Fixed in 5.0.1.8

References

CVE
CVE-2021-4073
URL
https://www.wordfence.com/blog/2021/12/authentication-bypass-vulnerability-patched-in-user-registration-plugin/

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
AyeCode Ltd
Submitter
Stiofan
Submitter website
https://ayecode.io/
Submitter twitter
_stiofan
Verified
Yes
WPVDB ID
88726c39-03b0-4831-81d5-a254aa78a2a3

Timeline

Publicly Published
2021-12-08 (about 4 years ago)
Added
2021-12-08 (about 4 years ago)
Last Updated
2022-04-11 (about 3 years ago)

Other

Published
Title
Published
2016-06-21
Title
Advanced Access Manager <= 3.2.1 - Privilege Escalation
Published
2025-01-13
Title
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.13.8 - Authentication Bypass via pms_payment_id
Published
2019-03-17
Title
Easy WP SMTP <= 1.3.9 - Unauthenticated Arbitrary wp_options Import
Published
2014-08-01
Title
WordPress 3.7.1 & 3.8.1 - Potential Authentication Cookie Forgery
Published
2014-08-01
Title
WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass