exploitDog

CVE-2021-24655

Опубликовано: 17 июл. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 6

EPSS Низкий

Описание

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.

Ссылки

https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpusermanager:wp_user_manager:*:*:*:*:*:wordpress:*:*

Версия до 2.6.3 (исключая)

EPSS

Процентиль: 71%

0.00662

Низкий

7.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-x6w7-v4jh-m22f

CVSS3: 7.5

github

больше 3 лет назад

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.

EPSS

Процентиль: 71%

0.00662

Низкий

7.5 High

CVSS3

6 Medium

CVSS2

Дефекты

CWE-639