Wordfence Threat Intelligence team confirmed that it had resolved a critical authentication bypass vulnerability found in the RegistrationMagic WordPress plugin. The CVE-2021-4073 vulnerability allows attackers to bypass authentication and login to WordPress websites as administrator users. When publishing this post, the plugin has more than 10 thousand active installations. Considering the seriousness of the vulnerability, we highly recommend WordPress website owners fix CVE-2021-4073 authentication bypass Vulnerability on their websites. Let’s see how to fix CVE-2021-4073 Vulnerability- Authentication Bypass Vulnerability in RegistrationMagic WordPress Plugin in this post.
What Is RegistrationMagic Plugin?
The plugin is fully named “RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin”. However, we will address the plugin only as “RegistrationMagic” throughout the post.
RegistrationMagic is a powerful WordPress user registration and Registration Form builder plugin for WordPress websites created by Registrationmagic. The plugin gives total control of user registrations on your website. It allows creating different WordPress Registration Forms with custom form fields for different users. The plugin also enables website owners to set up payment options for their prime members. And, for the user end, the RegistrationMagic plugin offers users to log in, reset the password, check payment transaction history, download their form submissions, etc. The plugin facilitates website owners in providing better user management, including role creation, and provides bulk emailing and integration with third parties for login.
What Is WordPress?
WordPress is an open-source Content Management System (CMS) written in PHP language. WordPress is one of the best and most used website builders today. It can be used to build a blog, e-commerce, business, portfolio website. Its ease of use, highly customizable features, tons of plugins, themes, cost-free, and platform flexibility have captured more than 35% of the website hosting landscape.
Summary Of The CVE-2021-4073 Vulnerability:
The vulnerability is due to the insecure implementation of user logins via third-party providers. Because of this insecure implementation, adversaries can gain admin access to an affected website without authentication. To exploit this CVE-2021-4073 authentication bypass Vulnerability, the attacker just needed the administrator’s email or username and a login form created with a vulnerable version of the plugin on the website. More technical details about the vulnerability are available here.
This vulnerability is treated critical and assigned a CVSS score of 9.8 because the attacker can gain full control of the website by exploiting the vulnerability.
|Associated CVE ID
|Authentication Bypass Vulnerability in RegistrationMagic WordPress Plugin
|Associated ZDI ID
|Attack Vector (AV)
|Attack Complexity (AC)
|Privilege Required (PR)
|User Interaction (UI)
Versions Affected To CVE-2021-4073- Authentication Bypass In RegistrationMagic Plugin
As per the report, this vulnerability exists in all the versions below 126.96.36.199. It is partially patched in 188.8.131.52 and fully patched in 184.108.40.206. We highly recommend WordPress website owners update the plugin to version 220.127.116.11.
Other WordPress Vulnerabilities In 2021:
- In May 31, 2021, a critical 0-day WordPress plugins vulnerability (CVE-2021-24370) in the Fancy Product Designer plugin.
- In October 2021, a WordPress plugin bug was discovered in the Hashthemes Demo Importer plugin that allowed users with simple subscriber permissions to wipe all content.
- In November 2021. another WordPress plugin lets attackers display a fake ransomware encryption message demanding about $6,000 to unlock the site. In the same month, Wordfence reported stored cross-site scripting (XSS) vulnerability (CVE-2021-42367) in the “Variation Swatches for WooCommerce” WordPress plugin.
How To Fix CVE-2021-4073- Authentication Bypass Vulnerability In RegistrationMagic WordPress Plugin?
With the available technology, it is not that difficult for an attacker to enumerate a WordPress website’s email address or username. Attackers can easily enumerate login page, login names, services, installed plugins just by using publicly available information like Theme design, Website structure, Elements used in the website, WordPress REST API, and WordPress XML Sitemaps information. We recommend securing your site with the deployment of premium security plugins. And implement all the best practices.
This vulnerability allows adversaries to bypass authentication and gain admin access to the WordPress website. It is critical and highly important to address this immediately. Since the flaw is fully patched in version 18.104.22.168, we recommend all the WordPress website owners who are using the RegistrationMagic plugin to manage user login and registrations, verify the plugin version and update the plugin to the latest version that is version 22.214.171.124 or higher.
To update plugin:
- Log in to the WordPress admin.
- Plugins -> Installed Plugins
- Find the RegistrationMagic plugin in the list and click update.
We believe, updating the plugins and software is not enough to stop the cyber-attacks. You should buy a good security solution like Wordfence for your WordPress site. Such security solutions will always try to implement new firewall rules and update the signature database with their research which could save your site from various threats.
Wordfence has created a firewall rule to protect its customers from attacks targeting this vulnerability. This rule is available for free Wordfence users as well but only for 30 days. So, if you are running a website or a blog on the WordPress CMS platform, we urge you to take the Wordfence Premium subscription to protect your site around the clock.
Please don’t forget to follow these guidelines to keep your WordPress website healthy and safe:
- Update all themes, plugins, and WordPress regularly.
- Limit failed logins.
- Take regular backups.
- Restrict source IP address for login.
- Deploy SSL certificate for the secure channel.
- Deactivate or delete the unused plugins.
- Change admin login slug.
- Don’t use default account names and passwords like ‘admin’ or ‘administrator.’
- Replace your default admin login page slug.
- Keep monitoring the website for any issues.