Unrated severityNVD Advisory· Published Jan 9, 2025· Updated Apr 8, 2026

WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change

CVE-2024-10215

Description

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.

Affected products

Iqonicdesign/Wpbookitv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

documentation.iqonic.design/wpbookit/versions/change-logmitre
www.wordfence.com/threat-intel/vulnerabilities/id/2d23a2b9-8476-4564-a5de-5e6cfc38ce68mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000