CVE-2021-24655

WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise

EPSS 0.8%CWE-639

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

17 Jul 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.

Affected products

Unknown · WP User Manager – User Profile Builder & Membership

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f