5.3

CVE-2024-8794

BA Book Everything <= 1.6.20 - Unauthenticated Arbitrary User Password Reset

BA Book Everything <= 1.6.20 - Unauthenticated Arbitrary User Password Reset

The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to reset any user's passwords, including administrators. It's important to note that the attacker will not have access to the generated password, therefore, privilege escalation is not possible.
Mögliche Gegenmaßnahme
BA Book Everything: Update to version 1.6.21, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ba-bookingBa Book Everything SwPlatformwordpress Version < 1.6.21
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt BA Book Everything
Version *-1.6.20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.337
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@wordfence.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-620 Unverified Password Change

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

https://plugins.trac.wordpress.org/browser/ba-book-everything/tags/1.6.20/includes/class-babe-my-account.php#L610
Product
https://plugins.trac.wordpress.org/browser/ba-book-everything/tags/1.6.20/includes/class-babe-users.php#L266
Product
https://plugins.trac.wordpress.org/changeset/3152728/ba-book-everything/trunk/includes/class-babe-users.php
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/4e261b0e-5ca3-4f5c-acc0-41abee31b148?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/4e261b0e-5ca3-4f5c-acc0-41abee31b148
Third Party Advisory