216.73.216.86

CVE-2023-7264

· Published 11/06/2024 04:15 · Modified 11/06/2024 13:54

Labels: CVE-2023-7264 2024-06-11CVE-2023-7264[email protected]

Essential information

Published
11/06/2024 04:15
Modified
11/06/2024 13:54
Author
Creator
CVSS
8.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References