Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:5DBFFA2F-D3C5-4BD4-8BEA-0DAED3FE859E
HistoryNov 24, 2023 - 12:00 a.m.

Simple Membership < 4.3.5 - Account Takeover via Password Reset

2023-11-2400:00:00
wpscan.com
5
wordpress
plugin
account takeover
password reset
input validation

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Description The Simple Membership plugin for WordPress is vulnerable to account takeover due to missing input validation on the process_password_reset_using_link function in versions up to, and including, 4.3.4. This makes it possible for authenticated attackers to gain access to arbitrary accounts on the site via the password reset functionality.

CPENameOperatorVersion
eq4.3.5

Related

cve 1
nvd 1
cvelist 1
vulnrichment 1
nessus 1
wordfence 1
cve
cve
CVE-2023-41956
2024-05-17 07:16:00
nvd
nvd
CVE-2023-41956
2024-05-17 07:16:00
cvelist
cvelist
CVE-2023-41956 WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability
2024-05-17 06:55:53
vulnrichment
vulnrichment
CVE-2023-41956 WordPress Simple Membership plugin <= 4.3.4 - Authenticated Account Takeover vulnerability
2024-05-17 06:55:53
nessus
nessus
Simple Membership Plugin For WordPress < 4.3.5 Multiple Vulnerabilities
2023-10-05 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 25, 2023 to October 1, 2023)
2023-10-05 15:10:17

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for WPVDB-ID:5DBFFA2F-D3C5-4BD4-8BEA-0DAED3FE859E
cve1nvd1cvelist1vulnrichment1nessus1wordfence1