PT-2025-1579 · WordPress · Wpbookit
István Márton
·
Publicado
2025-01-09
·
Atualizado
2025-06-27
·
CVE-2024-10215
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WPBookit plugin for WordPress versions up to, and including, 1.6.4
Description
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.
Recommendations
For WPBookit plugin for WordPress versions up to, and including, 1.6.4, update to a version later than 1.6.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the WordPress installation to minimize the risk of exploitation.
Correção
IDOR
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wpbookit