RSS   Vulnerabilities for 'Wp user manager'   RSS

2022-07-17
 
CVE-2021-24655

CWE-639
 

 
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.

 


Copyright 2024, cxsecurity.com

 

Back to Top