Lucene search
+L

4 matches found

Nuclei
Nuclei
added 19 hours ago20 views

Profile Builder < 3.4.9 - Improper Authentication

The Profile Builder plugin before 3.4.9 for WordPress allows unauthenticated attackers to gain administrative access by exploiting an improper authentication vulnerability in the password reset functionality. An attacker can reset the password of any user, including administrators, without proper...

10CVSS8.3AI score0.07696EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2023/01/11 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-24527

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such...

10CVSS7.2AI score0.07696EPSS
Exploits2References1
CVE
CVE
added 2021/08/16 10:48 a.m.90 views

CVE-2021-24527

Summary: CVE-2021-24527 affects the WordPress plugin Profile Builder (before 3.4.9). Multiple connected sources confirm an improper authentication in the password reset flow that lets an unauthenticated user reset the password of the blog’s administrator, enabling full site compromise and adminis...

10CVSS9.7AI score0.07696EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/08/16 10:48 a.m.24 views

CVE-2021-24527 Profile Builder < 3.4.9 - Admin Access via Password Reset

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such...

9.8AI score0.07696EPSS
Exploits2References1
Rows per page
Query Builder