CVE-2024-13373

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-620
View all →

Vulnerability Description

The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the fl_forgot_pass_new() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Related Vulnerabilities

CVE-2024-27715

HIGH
CVSS:8.2(High)

An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism.

CWE-6202024

CVE-2024-21757

HIGH
CVSS:7.8(High)

A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 th...

CWE-6202024

CVE-2024-28143

HIGH
CVSS:8.4(High)

The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new p...

CWE-6202024

CVE-2023-3069

HIGH
CVSS:7.6(High)

Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.

CWE-6202023

CVE-2022-21935

HIGH
CVSS:7.5(High)

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.

CWE-6202022

CVE-2025-4903

MEDIUM
CVSS:7.5(High)

A vulnerability, which was classified as critical, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). This affects the function sub_41F4F0 of the file /H5/webgl.asp?tggl_port=0&remote_management=0&ht...

CWE-6202025