1 results (0.033 seconds)
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0
CVE-2021-39331 – YITH Easy Login & Register Popup for WooCommerce <= 1.8.0 - Authentication Bypass via Password Reset
https://notcve.org/view.php?id=CVE-2021-39331
The YITH Easy Login & Register Popup for WooCommerce plugin for WordPress is vulnerable to authorization bypass via password reset in versions up to, and including, 1.8.0. This is due to the plugin failing to properly validate if a user is authorized to perform a password reset for the supplied user_login via the yith_welrp_form_action AJAX. This makes it possible for unauthenticated users to reset administrators password and then log in to a site using that account. • CWE-639: Authorization Bypass Through User-Controlled Key •