CVE-2021-24527
CRITICAL 9.8
Description
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such a change (by email, for example).
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 8/16/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
cozmoslabs:profile_builder
Weaknesses (CWE)
CWE-287
References
https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207 (contact@wpscan.com)
https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.