WordPress Ace User Management plugin does not properly validate password reset token vulnerability

WordPress Ace User Management plugin is a WordPress user management plugin developed by Acewebx, mainly used to enhance and customize WordPress user roles, permissions and management features. WordPress Ace User Management plugin suffers from an improperly validated password reset token...

WordPress Ace User Management plugin <= 2.0.3 - Subscriber+ Authentication Bypass via Password Rest vulnerability

Subscriber+ Authentication Bypass via Password Rest vulnerability discovered by aschoiloa1890 in WordPress Plugin Ace User Management versions = 2.0.3...

CVE-2025-6027

The Ace User Management WordPress plugin through 2.0.3 does not properly validate that a password reset token is associated with the user who requested it, allowing any authenticated users, such as subscriber to reset the password of arbitrary accounts, including administrators...

CVE-2025-6027 Ace User Management <= 2.0.3 - Subscriber+ Authentication Bypass via Password Rest

The Ace User Management WordPress plugin through 2.0.3 does not properly validate that a password reset token is associated with the user who requested it, allowing any authenticated users, such as subscriber to reset the password of arbitrary accounts, including administrators...

CVE-2025-6027

CVE-2025-6027 affects the WordPress plugin Ace User Management (versions up to and including 2.0.3). The vulnerability allows any authenticated user (e.g., a subscriber) to reset the password of arbitrary accounts, including administrators, due to improper validation of the password reset token b...

PT-2025-45083

Name of the Vulnerable Software and Affected Versions Ace User Management WordPress plugin versions through 2.0.3 Description The Ace User Management WordPress plugin does not properly validate that a password reset token is associated with the requesting user. This allows authenticated users, ev...

WordPress plugin Ace User Management 安全漏洞

WordPress Ace User Management plugin is a WordPress user management plugin developed by Acewebx, mainly used to enhance and customize WordPress user roles, permissions and management features. WordPress Ace User Management plugin suffers from an improperly validated password reset token...