PT-2025-2140 · WordPress · Adifier System

Tonn · Published 2025-01-18 · Updated 2025-01-23 · CVE-2024-13375

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Adifier System plugin for WordPress, versions up to and including 3.1.7

Description: The issue arises from the plugin's failure to properly validate a user's identity before updating their details, such as passwords, through the adifier recover() function. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including those of administrators, and gain access to their accounts.

Recommendations: For Adifier System plugin for WordPress versions up to and including 3.1.7, update to a version later than 3.1.7 to resolve the issue. As a temporary workaround, consider disabling the adifier recover() function until a patch is available. Restrict access to the plugin's user management features to minimize the risk of exploitation.
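The defect described above is a password-recovery handler that writes a new password without first proving the request comes from the account owner. The following is an added example of how such a handler looks when that check is in place; it is not the Adifier System plugin's code, and the function name `example_recover_handler`, the AJAX action `example_recover` and the form field names are assumptions. It relies only on standard WordPress APIs (`check_password_reset_key()`, `reset_password()`, `wp_verify_nonce()`, `wp_send_json_error()`), and the key it validates is the one WordPress issues through `get_password_reset_key()` and delivers to the account's registered e-mail address.

```php
<?php
// Hypothetical hardened password-recovery handler (added example, not the
// Adifier System plugin's own code; handler, action and field names are assumptions).
// The password change is bound to a reset key that WordPress previously issued
// for this login and sent to the account's e-mail address, so a request must
// prove control of that mailbox before any password is written. A handler that
// performs the write without this key check is the class of defect in this advisory.

function example_recover_handler() {
    // Accept only explicit form submissions carrying a nonce tied to this action.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_send_json_error( array( 'message' => 'Invalid request method.' ), 405 );
    }
    if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'example_recover' ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or expired form token.' ), 403 );
    }

    $login = isset( $_POST['login'] ) ? sanitize_user( wp_unslash( $_POST['login'] ) ) : '';
    $key   = isset( $_POST['key'] ) ? sanitize_text_field( wp_unslash( $_POST['key'] ) ) : '';
    $pass1 = isset( $_POST['pass1'] ) ? (string) wp_unslash( $_POST['pass1'] ) : '';
    $pass2 = isset( $_POST['pass2'] ) ? (string) wp_unslash( $_POST['pass2'] ) : '';

    if ( '' === $login || '' === $key || '' === $pass1 ) {
        wp_send_json_error( array( 'message' => 'Missing required fields.' ), 400 );
    }
    if ( ! hash_equals( $pass1, $pass2 ) ) {
        wp_send_json_error( array( 'message' => 'Passwords do not match.' ), 400 );
    }

    // The identity check the advisory says was missing: the submitted key must
    // match the hashed key WordPress stored for this login and must not have
    // expired. check_password_reset_key() returns WP_User on success, WP_Error otherwise.
    $user = check_password_reset_key( $key, $login );
    if ( is_wp_error( $user ) ) {
        // One generic message, so the response does not reveal whether the
        // login exists or the key merely expired.
        wp_send_json_error( array( 'message' => 'This reset link is invalid or has expired.' ), 403 );
    }

    // Never take the target account from a client-supplied user ID field;
    // the account is whatever the validated key resolves to.
    reset_password( $user, $pass1 );

    // Record the change so unexpected resets are visible to whoever reviews the logs.
    error_log( sprintf( 'example_recover: password reset for user ID %d', $user->ID ) );

    wp_send_json_success( array( 'message' => 'Password updated.' ) );
}

// Register for both logged-out and logged-in callers; the key check above
// is what authorises the change, not the caller's session.
add_action( 'wp_ajax_nopriv_example_recover', 'example_recover_handler' );
add_action( 'wp_ajax_example_recover', 'example_recover_handler' );
```

Two design points matter here. First, the account whose password changes is derived from the validated reset key, never from a user ID or login that the client can set freely; that removes the path by which an unauthenticated request could pick an administrator as the target. Second, the handler logs every successful reset with the user ID, which gives a site operator a concrete signal to watch (clusters of resets for privileged accounts, or resets with no preceding recovery e-mail) while the plugin is still on an affected version.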


Related Identifiers: CVE-2024-13375

Affected Products: Adifier System