Vulnerability Details CVE-2021-24655
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 6.0
References
Products affected by CVE-2021-24655
-
cpe:2.3:a:wpusermanager:wp_user_manager:-
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.0.3
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.0.4
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.0.5
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.1.0
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.2.0
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.2.1
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.2.10
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.2.3
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.2.4
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.2.5
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.2.6
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.2.7
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.2.8
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.2.9
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.3.0
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.3.1
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.4.0
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.4.1
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.4.2
-
cpe:2.3:a:wpusermanager:wp_user_manager:1.4.3
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.0.0
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.0.1
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.0.2
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.0.3
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.0.4
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.0.5
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.0.6
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.0.7
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.0.8
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.0.9
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.0
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.1
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.10
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.11
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.12
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.13
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.14
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.2
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.3
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.4
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.5
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.6
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.7
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.8
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.1.9
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.2
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.2.1
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.2.2
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.2.3
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.1
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.10
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.11
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.12
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.13
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.2
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.3
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.4
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.5
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.6
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.7
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.8
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.3.9
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.4
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.4.1
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.4.2
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.5
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.6
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.6.1
-
cpe:2.3:a:wpusermanager:wp_user_manager:2.6.2