3 matches found
CVE-2024-10215
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
CVE-2024-10215
The CVE-2024-10215 entry concerns the WPBookit WordPress plugin (versions up to and including 1.6.4). The root cause is that the plugin exposes user-controlled access to objects, allowing unauthorized users to bypass authorization and change passwords. The practical impact is that unauthenticated...
CVE-2024-10215 WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...