CVE Published: 17/07/2022 |
CVE Updated: 03/08/2024 |
CVE Year: 2021 Source: WPScan |
Vendor: Unknown |
Product: WP User Manager – User Profile Builder & Membership Status : PUBLISHED
CVE-2021-24655 Description
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.