Vulnerabilities > CVE-2021-24655 - Unspecified vulnerability in Wpusermanager WP User Manager

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
high complexity
wpusermanager

Summary

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.

Vulnerable Configurations

Part Description Count
Application
Wpusermanager
70