Описание
The Ace User Management WordPress plugin through 2.0.3 does not properly validate that a password reset token is associated with the user who requested it, allowing any authenticated users, such as subscriber to reset the password of arbitrary accounts, including administrators.
EPSS
Процентиль: 16%
0.00051
Низкий
6.3 Medium
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 6.3
github
3 месяца назад
The Ace User Management WordPress plugin through 2.0.3 does not properly validate that a password reset token is associated with the user who requested it, allowing any authenticated users, such as subscriber to reset the password of arbitrary accounts, including administrators.
EPSS
Процентиль: 16%
0.00051
Низкий
6.3 Medium
CVSS3