wpvulndb WPVDB-ID:5DFC5CB8-53BC-4106-93AA-FB7894AE6453
History: Sep 14, 2023 - 12:00 a.m.

Simplr Registration Form Plus+ <= 2.4.5 - Subscriber+ Arbitrary User Password Change via IDOR

2023-09-14 00:00:00
wpscan.com
Tags: vulnerable, insecure direct object references, user-controlled access, bypass authorization, system resources, authenticated attackers, subscriber-level permissions, administrator accounts, software

AI Score: 6.2 Medium (Confidence: Low)
EPSS: 0.001 Low (Percentile: 19.4%)

Description

The plugin is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts.
