The plugin does not validate the password reset key, which could allow unauthenticated attackers to reset arbitrary account’s password to anything they want, by knowing the related email or username, gaining access to them
CPE | Name | Operator | Version |
---|---|---|---|
essential-addons-for-elementor-lite | lt | 5.7.2 |