VYPR

CWE-620

Unverified Password Change

BaseDraft

Description

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

This could be used by an attacker to change passwords for another user, thus gaining the privileges associated with that user.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (46)

page 1 of 3
  • CVE-2024-12824CriMar 1, 2025
    risk 0.68cvss 9.8epss 0.02

    The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like…

  • CVE-2025-4322CriMay 20, 2025
    risk 0.66cvss 9.8epss 0.18

    The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated…

  • CVE-2024-13375CriJan 18, 2025
    risk 0.65cvss 9.8epss 0.01

    The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the…

  • CVE-2025-10159CriSep 9, 2025
    risk 0.64cvss 9.8epss 0.01

    An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).

  • CVE-2025-4606CriJul 9, 2025
    risk 0.64cvss 9.8epss 0.01

    The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password.…

  • CVE-2024-12827CriJun 27, 2025
    risk 0.64cvss 9.8epss 0.00

    The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password…

  • CVE-2025-4558CriMay 12, 2025
    risk 0.64cvss 9.8epss 0.00

    The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.

  • CVE-2025-2253CriMay 9, 2025
    risk 0.64cvss 9.8epss 0.01

    The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imic_reset_password_init()…

  • CVE-2025-1107CriFeb 7, 2025
    risk 0.64cvss 9.9epss 0.00

    Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and…

  • CVE-2024-26520CriJul 26, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.

  • CVE-2024-37998CriJul 22, 2024
    risk 0.64cvss 9.8epss 0.00

    A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current…

  • CVE-2023-2449CriNov 22, 2023
    risk 0.64cvss 9.8epss 0.01

    The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The…

  • CVE-2023-2297CriApr 27, 2023
    risk 0.64cvss 9.8epss 0.01

    The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the…

  • CVE-2026-5386CriMay 29, 2026
    risk 0.59cvss 9.1epss 0.01

    The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.

  • CVE-2025-14751HigJan 22, 2026
    risk 0.57cvss epss 0.00

    A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.

  • CVE-2025-9286CriOct 3, 2025
    risk 0.57cvss 9.8epss 0.00

    The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to…

  • CVE-2025-3603CriApr 24, 2025
    risk 0.57cvss 9.8epss 0.00

    The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it…

  • CVE-2017-14005HigOct 17, 2017
    risk 0.57cvss 8.8epss 0.01

    An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's…

  • CVE-2024-28143HigDec 12, 2024
    risk 0.55cvss 8.4epss 0.00

    The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing…

  • CVE-2025-62425HigOct 16, 2025
    risk 0.54cvss 8.3epss 0.00

    MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to…