CVE-2021-24527

Profile Builder < 3.4.9 - Admin Access via Password Reset

EPSS 7.7%CWE-287

Vexday Risk Score

18Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 7.7%KEV nãoPoC —Nuclei simMetasploit —Patch —

Lifecycle

16 Aug 2021Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.

Affected products

Unknown · User Registration & User Profile – Profile Builder

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207