exploitDog

CVE-2023-7264

Published: 11 Jun 2024
Source: nvd
CVSS3: 8.1
CVSS3: 9.8
EPSS: Low

Description

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 4-digit numeric reset code.

Vulnerable configurations

Configuration 1
cpe:2.3:a:buildapp:build_app_online:*:*:*:*:*:wordpress:*:*
Versions up to 1.0.21 (inclusive)

EPSS

Percentile: 85%
0.02393
Low

8.1 High

CVSS3

9.8 Critical

CVSS3

Weaknesses

CWE-640

Related vulnerabilities

CVSS3: 8.1
github
more than 1 year ago

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 4-digit numeric reset code.

EPSS

Percentile: 85%
0.02393
Low

8.1 High

CVSS3

9.8 Critical

CVSS3

Weaknesses

CWE-640