Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.7 views

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

8.8CVSS6.8AI score0.01798EPSS
Exploits1References1
NVD
NVD
added 2021/11/23 8:15 p.m.31 views

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

8.8CVSS0.01798EPSS
Exploits1References2
OSV
OSV
added 2021/11/23 8:15 p.m.18 views

CVE-2021-24892

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

8.8CVSS6.8AI score
Exploits0References2
CVE
CVE
added 2021/11/23 7:16 p.m.77 views

CVE-2021-24892

The CVE-2021-24892 issue affects WordPress Advanced Forms (Free & Pro) prior to 1.6.9. Affected component: edit function handling user email updates via insecure direct object reference (IDOR). Root cause: authenticated users can exploit IDOR to modify arbitrary users’ email addresses and trigger...

8.8CVSS8.6AI score0.01798EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/11/23 7:16 p.m.39 views

CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

8.7AI score0.01798EPSS
Exploits1References2
Rows per page
Query Builder