4 matches found
Profile Builder < 3.4.9 - Improper Authentication
The Profile Builder plugin before 3.4.9 for WordPress allows unauthenticated attackers to gain administrative access by exploiting an improper authentication vulnerability in the password reset functionality. An attacker can reset the password of any user, including administrators, without proper...
VulnCheck KEV: CVE-2021-24527
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such...
CVE-2021-24527
Summary: CVE-2021-24527 affects the WordPress plugin Profile Builder (before 3.4.9). Multiple connected sources confirm an improper authentication in the password reset flow that lets an unauthenticated user reset the password of the blog’s administrator, enabling full site compromise and adminis...
CVE-2021-24527 Profile Builder < 3.4.9 - Admin Access via Password Reset
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such...