VYPR
Unrated severityNVD Advisory· Published Jul 17, 2022· Updated Aug 3, 2024

WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise

CVE-2021-24655

Description

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.