VYPR

CWE-620

Unverified Password Change

Base | Draft

Description

When setting a new password for a user, the product does not require knowledge of the original password or the use of another form of authentication.

This could be used by an attacker to change passwords for another user, thus gaining the privileges associated with that user.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (46)

page 2 of 3
  • CVE-2025-61536 | High | Oct 16, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the untrusted `req.headers.host` header and forces the `http://` scheme. An attacker who can control the `Host` header (or exploit a misconfigured proxy/load-balancer that forwards the header…

  • CVE-2025-22381 | High | Oct 16, 2025
    risk 0.53 | cvss 8.2 | epss 0.01

    Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality, allowing an attacker to reset a user's password.

  • CVE-2024-13373 | High | Mar 1, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the…

  • CVE-2025-3607 | High | Apr 24, 2025
    risk 0.50 | cvss 8.8 | epss 0.00

    The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.8. This is due to the plugin not properly validating a user's identity prior to updating a password. This makes it…

  • CVE-2025-67719 | High | Dec 11, 2025
    risk 0.48 | cvss | epss 0.00

    Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to…

  • CVE-2026-42084 | High | May 4, 2026
    risk 0.46 | cvss 8.1 | epss 0.00

    OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by…

  • CVE-2026-40588 | High | Apr 21, 2026
    risk 0.46 | cvss 8.1 | epss 0.00

    blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at /profile/{slug}/edit/ does not include a current_password field and does not verify the user's existing password before accepting a new one. Any attacker who obtains a valid…

  • CVE-2025-61132 | High | Oct 23, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of the Host header when Flask's url_for(_external=True) generates reset links…

  • CVE-2023-4214 | High | Nov 18, 2023
    risk 0.46 | cvss 8.1 | epss 0.01

    The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.

  • CVE-2025-46389 | Medium | Aug 6, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    CWE-620: Unverified Password Change

  • CVE-2018-8916 | Medium | Jun 8, 2018
    risk 0.41 | cvss 6.3 | epss 0.01

    Unverified password change vulnerability in Change Password in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to reset password without verification.

  • CVE-2019-25653 | Medium | Mar 30, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during…

  • CVE-2023-4915 | Medium | Sep 13, 2023
    risk 0.34 | cvss 5.3 | epss 0.00

    The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (in the WP User Control…

  • CVE-2025-3793 | Medium | Apr 24, 2025
    risk 0.27 | cvss 4.2 | epss 0.00

    The Buddypress Force Password Change plugin for WordPress is vulnerable to authenticated account takeover due to the plugin not properly validating a user's identity prior to updating their password through the 'bp_force_password_ajax' function in all versions up to, and…

  • CVE-2026-8327 | Medium | May 21, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update() without field whitelisting resulting in password change without…

  • CVE-2026-9249 | Low | May 22, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects: * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server…

  • CVE-2026-2543 | Low | Feb 16, 2026
    risk 0.18 | cvss 2.7 | epss 0.00

    A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password change. The attack can be…

  • CVE-2025-46748 | Low | May 12, 2025
    risk 0.18 | cvss 2.7 | epss 0.00

    An authenticated user attempting to change their password could do so without using the current password.

  • CVE-2024-47784 | Low | Apr 30, 2025
    risk 0.17 | cvss 2.6 | epss 0.00

    Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI. This issue affects ANC software version 1.1.4 and earlier.

  • CVE-2025-47938 | May 20, 2025
    risk 0.00 | cvss | epss 0.00

    TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current…