CVE-2021-24527

Name of the Vulnerable Software and Affected Versions User Registration & User Profile – Profile Builder WordPress plugin versions prior to 3.4.9

Description The issue allows any user to reset the password of the admin of the blog and gain unauthorized access due to a bypass in the way the reset key is checked. Additionally, the admin will not be notified of such a change by email.

Recommendations For versions prior to 3.4.9, update to version 3.4.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the password reset functionality until a patch is available.