CVE-2021-24527 (GCVE-0-2021-24527)
Vulnerability from cvelistv5
Published
2021-08-16 10:48
Modified
2024-08-03 19:35
Severity ?
CWE
  • CWE-287 - Improper Authentication
Summary
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.
References
Impacted products
Vendor Product Version
Unknown User Registration & User Profile – Profile Builder Version: 3.4.9   < 3.4.9
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:35:19.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "User Registration \u0026 User Profile \u2013 Profile Builder",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.4.9",
              "status": "affected",
              "version": "3.4.9",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Stiofan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The User Registration \u0026 User Profile \u2013 Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-16T10:48:27",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Profile Builder \u003c 3.4.9 - Admin Access via Password Reset",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24527",
          "STATE": "PUBLIC",
          "TITLE": "Profile Builder \u003c 3.4.9 - Admin Access via Password Reset"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "User Registration \u0026 User Profile \u2013 Profile Builder",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.4.9",
                            "version_value": "3.4.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Stiofan"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The User Registration \u0026 User Profile \u2013 Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287 Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24527",
    "datePublished": "2021-08-16T10:48:27",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:35:19.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-24527\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2021-08-16T11:15:08.803\",\"lastModified\":\"2024-11-21T05:53:14.443\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The User Registration \u0026 User Profile \u2013 Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.\"},{\"lang\":\"es\",\"value\":\"El plugin de WordPress Profile Builder de User Registration \u0026amp; User Profile versiones anteriores a 3.4.9, presenta un bug, permitiendo a cualquier usuario restablecer la contrase\u00f1a del administrador del blog, y conseguir un acceso no autorizado, debido a una omisi\u00f3n en la manera en que se comprueba la clave de restablecimiento. Adem\u00e1s, el administrador no ser\u00e1 notificado de dicho cambio por correo electr\u00f3nico, por ejemplo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"3.4.9\",\"matchCriteriaId\":\"54CA55F0-3D7E-415C-89A0-EB7A952069BE\"}]}]}],\"references\":[{\"url\":\"https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/c142e738-bc4b-4058-a03e-1be6fca47207\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.