WordPress · Ace User Management · CVE-2025-6027
**Name of the Vulnerable Software and Affected Versions**
Ace User Management WordPress plugin versions through 2.0.3
**Description**
The Ace User Management WordPress plugin does not properly validate that a password reset token is associated with the requesting user. This allows authenticated users, even those with only subscriber privileges, to reset the password of any account, including administrator accounts.
**Recommendations**
Update the Ace User Management WordPress plugin to a version later than 2.0.3.
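
The check the description says is missing, sketched as an added example (not the plugin's code or the advisory author's): a reset token is looked up under the account being reset, so a token issued to one user is rejected for any other. The class, method names and user IDs are assumptions made for illustration; WordPress core exposes a comparable check as `check_password_reset_key( $key, $login )`.

```php
<?php
// Constructed model of a reset-token store; an illustration, not the plugin's code.
final class ResetTokens
{
    /** @var array<int, array{hash: string, expires: int}> keyed by the user ID the token was issued to */
    private array $byUser = [];

    // Issue a token for exactly one account and keep only its hash server-side.
    public function issue(int $userId, int $ttl = 900): string
    {
        $token = bin2hex(random_bytes(32));
        $this->byUser[$userId] = [
            'hash'    => hash('sha256', $token),
            'expires' => time() + $ttl,
        ];
        return $token;
    }

    // Accept a token only for the account it was issued to.
    public function redeem(int $targetUserId, string $token): bool
    {
        $row = $this->byUser[$targetUserId] ?? null;
        if ($row === null || $row['expires'] < time()) {
            return false; // no pending reset for this account, or it has expired
        }
        // Constant-time comparison against the hash stored for the target account.
        if (!hash_equals($row['hash'], hash('sha256', $token))) {
            return false; // token belongs to another account, or is not valid at all
        }
        unset($this->byUser[$targetUserId]); // single use: a replay finds no record
        return true;
    }
}

// Constructed sample accounts: ID 1 = administrator, ID 7 = subscriber.
$tokens = new ResetTokens();
$adminToken      = $tokens->issue(1);
$subscriberToken = $tokens->issue(7);

var_dump($tokens->redeem(1, $subscriberToken)); // subscriber's token presented for the admin account
var_dump($tokens->redeem(7, $subscriberToken)); // same token presented for its own account
var_dump($tokens->redeem(7, $subscriberToken)); // replay of an already used token
var_dump($tokens->redeem(1, $adminToken));      // admin's own pending reset is unaffected
```

A failed attempt against the administrator account leaves that account's own pending token intact, and each rejected `redeem()` call is a natural point to log the requesting session and the targeted user ID.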