2 matches found
CVE-2024-13373
creationtimestamp| type| source ---|---|--- 2025-03-01 07:27:01+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6057 2025-03-01 09:48:03+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114086542262965907 2025-03-01 10:35:41+00:00| seen| https://t.me/cvedetector/19225 2025-03-...
CVE-2024-13373 Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update
The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the flforgotpassnew function. This makes ...