How severe is CVE-2023-2548?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2023-2548?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2023-2548 - HIGH Severity | CVSS 7.2

Vulnerability Description

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers, with administrator-level permissions and above, to change user passwords and potentially take over super-administrator accounts in multisite setup.

Related Vulnerabilities

CVE-2019-17050

HIGH

CVSS:7.2(High)

An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a softwa...

CWE-6392019

CVE-2021-22023

HIGH

CVSS:7.2(High)

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modif...

CWE-6392021

CVE-2023-2844

HIGH

CVSS:7.2(High)

Authorization Bypass Through User-Controlled Key in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.

CWE-6392023

CVE-2025-26977

HIGH

CVSS:7.2(High)

Authorization Bypass Through User-Controlled Key vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a thr...

CWE-6392025

CVE-2019-7890

HIGH

CVSS:7.3(High)

An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead t...

CWE-6392019

CVE-2021-44160

HIGH

CVSS:7.3(High)

Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentica...

CWE-6392021