CWE-620
Unverified Password Change
Description
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (46)
page 1 of 3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12824 | Cri | 0.68 | 9.8 | 0.02 | Mar 1, 2025 | The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like… | ||
| CVE-2025-4322 | Cri | 0.66 | 9.8 | 0.18 | May 20, 2025 | The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated… | ||
| CVE-2024-13375 | Cri | 0.65 | 9.8 | 0.01 | Jan 18, 2025 | The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the… | ||
| CVE-2025-10159 | Cri | 0.64 | 9.8 | 0.01 | Sep 9, 2025 | An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7). | ||
| CVE-2025-4606 | Cri | 0.64 | 9.8 | 0.01 | Jul 9, 2025 | The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password.… | ||
| CVE-2024-12827 | — | Cri | 0.64 | 9.8 | 0.00 | Jun 27, 2025 | The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password… | |
| CVE-2025-4558 | Cri | 0.64 | 9.8 | 0.00 | May 12, 2025 | The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system. | ||
| CVE-2025-2253 | Cri | 0.64 | 9.8 | 0.01 | May 9, 2025 | The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imic_reset_password_init()… | ||
| CVE-2025-1107 | Cri | 0.64 | 9.9 | 0.00 | Feb 7, 2025 | Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and… | ||
| CVE-2024-26520 | Cri | 0.64 | 9.8 | 0.01 | Jul 26, 2024 | An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets. | ||
| CVE-2024-37998 | Cri | 0.64 | 9.8 | 0.00 | Jul 22, 2024 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current… | ||
| CVE-2023-2449 | Cri | 0.64 | 9.8 | 0.01 | Nov 22, 2023 | The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The… | ||
| CVE-2023-2297 | Cri | 0.64 | 9.8 | 0.01 | Apr 27, 2023 | The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the… | ||
| CVE-2026-5386 | Cri | 0.59 | 9.1 | 0.01 | May 29, 2026 | The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings. | ||
| CVE-2025-14751 | — | Hig | 0.57 | — | 0.00 | Jan 22, 2026 | A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation. | |
| CVE-2025-9286 | Cri | 0.57 | 9.8 | 0.00 | Oct 3, 2025 | The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to… | ||
| CVE-2025-3603 | Cri | 0.57 | 9.8 | 0.00 | Apr 24, 2025 | The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it… | ||
| CVE-2017-14005 | Hig | 0.57 | 8.8 | 0.01 | Oct 17, 2017 | An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's… | ||
| CVE-2024-28143 | — | Hig | 0.55 | 8.4 | 0.00 | Dec 12, 2024 | The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing… | |
| CVE-2025-62425 | Hig | 0.54 | 8.3 | 0.00 | Oct 16, 2025 | MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to… |
- risk 0.68cvss 9.8epss 0.02
The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like…
- risk 0.66cvss 9.8epss 0.18
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated…
- risk 0.65cvss 9.8epss 0.01
The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the…
- risk 0.64cvss 9.8epss 0.01
An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).
- risk 0.64cvss 9.8epss 0.01
The Sala - Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user's identity prior to updating their details like password.…
- risk 0.64cvss 9.8epss 0.00
The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password…
- risk 0.64cvss 9.8epss 0.00
The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into the system.
- risk 0.64cvss 9.8epss 0.01
The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imic_reset_password_init()…
- risk 0.64cvss 9.9epss 0.00
Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and…
- risk 0.64cvss 9.8epss 0.01
An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets.
- risk 0.64cvss 9.8epss 0.00
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current…
- risk 0.64cvss 9.8epss 0.01
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The…
- risk 0.64cvss 9.8epss 0.01
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the…
- risk 0.59cvss 9.1epss 0.01
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.
- risk 0.57cvss —epss 0.00
A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.
- risk 0.57cvss 9.8epss 0.00
The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the reset_user_password() REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to…
- risk 0.57cvss 9.8epss 0.00
The Flynax Bridge plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.0. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it…
- risk 0.57cvss 8.8epss 0.01
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When setting a new password for a user, the application does not require the user to know the original password. An attacker who is authenticated could change a user's…
- risk 0.55cvss 8.4epss 0.00
The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing…
- risk 0.54cvss 8.3epss 0.00
MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to…