| |
Vulnerability CVE-2021-24527
Published: 2021-08-16
Description: |
The User Registration & User Profile ?????? Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example. |
Type:
CWE-287 (Improper Authentication)
CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
10/10 |
10/10 |
10/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|