QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24527

Published: Aug 16, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.

Vendor	Product	Versions
Unknown	User Registration & User Profile – Profile Builder	affected `3.4.9 - < 3.4.9`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.