CVE-2021-24527
CRITICAL 9.8
Description
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 8/16/2021
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
cozmoslabs:profile_builder
Weaknesses (CWE)
CWE-287
References
https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207 (contact@wpscan.com)
https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.