exploitDog

CVE-2021-24527

Published: 16 Aug 2021
Source: nvd
CVSS3: 9.8
CVSS2: 10
EPSS: Medium

Description

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.

Vulnerable configurations

Configuration 1
cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*
Versions before 3.4.9 (excluding)

EPSS

Percentile: 99%
0.69958
Medium

9.8 Critical

CVSS3

10 Critical

CVSS2

Weaknesses

CWE-287

Related vulnerabilities

github
more than 3 years ago

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.

EPSS

Percentile: 99%
0.69958
Medium

9.8 Critical

CVSS3

10 Critical

CVSS2

Weaknesses

CWE-287