Vulnerabilities > CVE-2021-24655 - Authorization Bypass Through User-Controlled Key vulnerability in Wpusermanager WP User Manager
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |