The WooCommerce mobile phone registration plugin has an authentication bypass vulnerability allowing unauthenticated attackers to log in as any user, including administrators, with EPSS 0.42%.
WordPress
Authentication Bypass
PHP
NVD
CVSS 3.1
9.8
EPSS
0.4%
The RegistrationMagic WordPress plugin up to version 6.0 allows unauthenticated privilege escalation, enabling attackers to create admin accounts and take over WordPress sites.
WordPress
Privilege Escalation
PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%