CVE-2023-23976 – WordPress RegistrationMagic plugin <= 5.1.9.2 - Arbitrary Price Change

https://notcve.org/view.php?id=CVE-2023-23976

Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.1.9.2. La vulnerabilidad de permisos predeterminados incorrectos en Metagauss RegistrationMagic permite acceder a una funcionalidad que no está correctamente restringida por las ACL. Este problema afecta a RegistrationMagic: desde n/a hasta 5.1.9.2. The RegistrationMagic plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 5.1.9.2. This makes it possible for unauthenticated attackers to alter the price of registrations. • https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-custom-registration-forms-user-registration-and-user-login-plugin-plugin-5-1-9-2-arbitrary-price-change?_s_id=cve • CWE-276: Incorrect Default Permissions CWE-285: Improper Authorization •