CVE-2023-2548: 
WordPress vulnerability analysis and mitigation

The RegistrationMagic WordPress plugin (versions up to 5.2.0.5) was identified with an Insecure Direct Object References vulnerability (CVE-2023-2548). The vulnerability was discovered and disclosed on May 12, 2023, affecting the plugin's user access control mechanisms (NVD).

The vulnerability stems from the plugin's implementation of user-controlled access to objects, which allows bypassing authorization mechanisms to access system resources. The issue has been assigned a CVSS v3.1 base score of 7.2 (HIGH) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, while Wordfence assessed it at 6.6 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-639 (Authorization Bypass Through User-Controlled Key) (NVD).

The vulnerability enables authenticated attackers with administrator-level permissions or higher to modify user passwords and potentially compromise super-administrator accounts in multisite WordPress installations (NVD).

A patch has been implemented in the plugin's source code to address the vulnerability. Users are advised to update their RegistrationMagic plugin to a version newer than 5.2.0.5 (WordPress Patch).