CVE-2024-8794

CVSS V2 None CVSS V3 None

Description

The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to reset any user's passwords, including administrators. It's important to note that the attacker will not have access to the generated password, therefore, privilege escalation is not possible.

Overview

CVE ID
CVE-2024-8794

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-09-24T02:31:01.384Z

Last Modified Date
2024-09-24T02:31:01.384Z

Weakness Enumerations

CWE	URL
CWE-620	http://cwe.mitre.org/data/definitions/620.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/4e261b0e-5ca3-4f5c-acc0-41abee31b148?source=cve
https://plugins.trac.wordpress.org/browser/ba-book-everything/tags/1.6.20/includes/class-babe-users.php#L266
https://plugins.trac.wordpress.org/browser/ba-book-everything/tags/1.6.20/includes/class-babe-my-account.php#L610
https://plugins.trac.wordpress.org/changeset/3152728/ba-book-everything/trunk/includes/class-babe-users.php

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-8794
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8794

History

Created	Old Value	New Value	Data Type	Notes
2024-10-06 09:36:28				Added to TrackCVE