Description The Simple Membership plugin for WordPress is vulnerable to account takeover due to missing input validation on the process_password_reset_using_link function in versions up to, and including, 4.3.4. This makes it possible for authenticated attackers to gain access to arbitrary accounts on the site via the password reset functionality.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 4.3.5 |