Assigner | Wordfence |
Reserved | 2024-05-28 |
Published | 2024-06-11 |
Updated | 2024-06-12 |
Description
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Problem types
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
Product status
*
Timeline
2023-12-27: | Disclosed |
Credits
Ramuel Gall