Unrated severityNVD Advisory· Published Jul 17, 2022· Updated Aug 3, 2024
WP User Manager < 2.6.3 - Arbitrary User Password Reset to Account Compromise
CVE-2021-24655
Description
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <2.6.3
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541fmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.