Auth bypass in User Registration & Profile – Builder

CVE-2021-24527

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is chec…

Vulnerability class: Broken Authentication

EPSS: 0.756 (98.9th percentile)

Affected products

  • Unknown User Registration & Profile – Builder — versions 3.4.9

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2021-24527?
CVE-2021-24527 is a vulnerability in User Registration & Profile – Builder, classified under Improper Authentication. Published 2021-08-16.

Is CVE-2021-24527 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.