Unrated severity · NVD Advisory · Published Mar 11, 2024 · Updated Nov 1, 2024
Formidable Registration < 2.12 - Contributor+ Arbitrary User Password Reset To Account Takeover
CVE-2024-1290
Description
The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate and leak valid password reset URLs, which they can use to take over any account.
Affected products
- (no CPE)
- (no CPE), range: <2.12
References
- wpscan.com/vulnerability/a60187d4-9491-435a-bc36-8dd348a1ffa3/ (mitre, exploit, vdb-entry, technical-description)