WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin WP User Manager version prior to 2.6.3 is vulnerable to an information disclosure vulnerability that stems from the plugin’s failure to ensure that the user ID to reset a password is associated with a given reset key. The vulnerability can be exploited by attackers to reset the password of any user who only knows their ID and gain access to their account.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress wp user manager | lt | 2.6.3 |