Vulnerability CVE-2021-24527
Published: 2021-08-16

Description:
The User Registration & User Profile ?????? Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.

Type:

CWE-287

 (Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cozmoslabs -> Profile builder 

 References:
https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207
Copyright 2024, cxsecurity.com

 

Back to Top