Critical severity9.8NVD Advisory· Published Aug 16, 2021· Updated Jun 17, 2026
CVE-2021-24527
CVE-2021-24527
Description
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/User Registration & User Profile – Profile Builderdescription
- Range: <3.4.9
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.