3 matches found
CVE-2024-8794
CVE-2024-8794 affects the BA Book Everything WordPress plugin (versions
CVE-2024-8794 BA Book Everything <= 1.6.20 - Unauthenticated Arbitrary User Password Reset
The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the resetuserpassword function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to...
WordPress BA Book Everything Plugin <= 1.6.20 is vulnerable to Broken Access Control
Software BA Book Everything Type Plugin Vulnerable versions = 1.6.20 Fixed in 1.6.21 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-8794 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6b66f7725d47 Credits wesley wcraft Required...