CVE-2021-24527
Profile Builder < 3.4.9 - Admin Access via Password Reset
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS —EPSS 7.7%KEV nãoPoC —Nuclei simMetasploit —Patch —
Ciclo de vida
16 ago 2021Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.
Productos afectados
Unknown · User Registration & User Profile – Profile Builder¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →