CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2021/CVE-2021-24655.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

942 B
Raw Permalink Blame History

CVE-2021-24655

Description

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.

POC

Reference

Github

Reference in New Issue View Git Blame Copy Permalink