Payload · Payload · CVE-2026-34751
Name of the Vulnerable Software and Affected Versions
Payload versions prior to 3.79.1
Description
A flaw exists in the password recovery process that could allow an unauthenticated attacker to act on behalf of a user who initiates a password reset. The issue affects users running Payload versions prior to 3.79.1 with authentication-enabled collections that use the built-in `forgot-password` functionality.
Recommendations
Upgrade to version 3.79.1 or later.
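To confirm the upgrade actually reached every installed copy, the following added example (not code from the advisory or from the Payload project) scans an npm `package-lock.json` for entries older than 3.79.1, including nested copies pulled in by other dependencies. It assumes Payload is installed as the npm package `payload` and that the lockfile uses the `packages` map of lockfileVersion 2 or 3; the sample lockfile and the name `legacy-plugin` are constructed.

```javascript
const FIXED = "3.79.1"; // fixed version stated in the advisory

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; returns null if malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v).trim());
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when `version` sorts before `fixed` under semver precedence.
// A prerelease of the fixed version (e.g. 3.79.1-canary.0) counts as prior.
function isPriorTo(version, fixed = FIXED) {
  const a = parseVersion(version);
  const b = parseVersion(fixed);
  if (!a || !b) throw new Error(`unparseable version: ${version}`);
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre !== null && b.pre === null;
}

// Walk the lockfile's `packages` map and report every installed copy of
// `payload`. Scoped packages such as @payloadcms/* are not matched.
function findPayloadCopies(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/payload$/.test(path)) continue;
    const parsed = parseVersion(meta.version);
    const status = !parsed ? "unknown" : isPriorTo(meta.version) ? "affected" : "fixed";
    findings.push({ path, version: meta.version, status });
  }
  return findings;
}

// Constructed sample lockfile fragment (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app" },
    "node_modules/payload": { version: "3.79.1" },
    "node_modules/@payloadcms/next": { version: "3.78.0" },
    "node_modules/legacy-plugin/node_modules/payload": { version: "3.62.0" },
  },
};

console.log(findPayloadCopies(sampleLock));
```

For a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` in place of `sampleLock`; a nested copy reported as `affected` means a dependency still pins an older release even though the top-level package was upgraded.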