CVE-2021-24527

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-08-16 11:15

Updated : 2023-11-07 03:31

NVD link : CVE-2021-24527

Mitre link : CVE-2021-24527

CVE.ORG link : CVE-2021-24527

JSON object : View

Products Affected

cozmoslabs

profile_builder

CWE

CWE-287

Improper Authentication

{"id": "CVE-2021-24527", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-08-16T11:15:08.803", "references": [{"url": "https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "contact@wpscan.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The User Registration & User Profile \u2013 Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example."}, {"lang": "es", "value": "El plugin de WordPress Profile Builder de User Registration & User Profile versiones anteriores a 3.4.9, presenta un bug, permitiendo a cualquier usuario restablecer la contrase\u00f1a del administrador del blog, y conseguir un acceso no autorizado, debido a una omisi\u00f3n en la manera en que se comprueba la clave de restablecimiento. Adem\u00e1s, el administrador no ser\u00e1 notificado de dicho cambio por correo electr\u00f3nico, por ejemplo."}], "lastModified": "2023-11-07T03:31:17.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "54CA55F0-3D7E-415C-89A0-EB7A952069BE", "versionEndExcluding": "3.4.9"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}