Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-24527

CWE-287 — Improper Authentication5 documents5 sources

Severity

9.8CRITICAL

EPSS

75.6%

top 1.10%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Unknown User Registration & User Profile – Profile Builder Cozmoslabs Profile Builder

Timeline

PublishedAug 16

Latest updateMay 24

Description

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5unknown/user_registration_&_user_profile_–_profile_builder3.4.9 — 3.4.9

▶NVDcozmoslabs/profile_builder< 3.4.9

🔴Vulnerability Details

GHSA

GHSA-cjhq-3qxp-7658: The User Registration & User Profile â€“ Profile Builder WordPress plugin before 3↗2022-05-24

▶

CVEList

Profile Builder < 3.4.9 - Admin Access via Password Reset↗2021-08-16

▶

VulnCheck

cozmoslabs profile_builder Improper Authentication↗2021

▶

💥Exploits & PoCs

Nuclei

Profile Builder < 3.4.9 - Improper Authentication

▶