9.7 High
AI Score
Confidence
High
0.064 Low
EPSS
Percentile
93.7%
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200
www.exploit-db.com/exploits/49989
www.wowonder.com