CWE-620
Unverified Password Change
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
CVE-2022-3152 (GCVE-0-2022-3152)
Vulnerability from cvelistv5 – Published: 2022-09-07 14:25 – Updated: 2024-08-03 01:00
Title
Unverified Password Change in phpfusion/phpfusion
Summary
Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20.
Severity
9.6 (Critical)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/b3f888d2-5c71-4682-828… | x_refsource_CONFIRM |
| https://github.com/phpfusion/phpfusion/commit/57c… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| phpfusion | phpfusion/phpfusion | Affected: unspecified , < 9.10.20 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b3f888d2-5c71-4682-8287-42613401fd5a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/phpfusion/phpfusion/commit/57c96d4a0c00e8e1e25100087654688123c6e991"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "phpfusion/phpfusion",
"vendor": "phpfusion",
"versions": [
{
"lessThan": "9.10.20",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-07T14:25:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b3f888d2-5c71-4682-8287-42613401fd5a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phpfusion/phpfusion/commit/57c96d4a0c00e8e1e25100087654688123c6e991"
}
],
"source": {
"advisory": "b3f888d2-5c71-4682-8287-42613401fd5a",
"discovery": "EXTERNAL"
},
"title": "Unverified Password Change in phpfusion/phpfusion",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3152",
"STATE": "PUBLIC",
"TITLE": "Unverified Password Change in phpfusion/phpfusion"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "phpfusion/phpfusion",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "9.10.20"
}
]
}
}
]
},
"vendor_name": "phpfusion"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-620 Unverified Password Change"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b3f888d2-5c71-4682-8287-42613401fd5a",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b3f888d2-5c71-4682-8287-42613401fd5a"
},
{
"name": "https://github.com/phpfusion/phpfusion/commit/57c96d4a0c00e8e1e25100087654688123c6e991",
"refsource": "MISC",
"url": "https://github.com/phpfusion/phpfusion/commit/57c96d4a0c00e8e1e25100087654688123c6e991"
}
]
},
"source": {
"advisory": "b3f888d2-5c71-4682-8287-42613401fd5a",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3152",
"datePublished": "2022-09-07T14:25:10.000Z",
"dateReserved": "2022-09-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:00:10.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2297 (GCVE-0-2023-2297)
Vulnerability from cvelistv5 – Published: 2023-04-26 23:30 – Updated: 2026-04-08 17:30
Title
Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism
Summary
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 3.9.0. This is due to the plugin using native password reset functionality with insufficient validation in the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of the password reset key instead of a hashed value, which means that the key can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability such as SQL Injection in another plugin or theme installed on the site, to successfully exploit this vulnerability.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cozmoslabs | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | Affected: 0 , ≤ 3.9.0 (semver) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e731292a-4f95-46eb-889e-b00d58f3444e?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2864329%40profile-builder\u0026new=2864329%40profile-builder\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://lana.codes/lanavdb/512e7307-04a5-4d8b-8f79-f75f37784a9f/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2023/03/vulnerability-patched-in-cozmolabs-profile-builder-plugin-information-disclosure-leads-to-account-takeover/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T16:16:48.516628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T16:50:32.449Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "User Profile Builder \u2013 Beautiful User Registration Forms, User Profiles \u0026 User Role Editor",
"vendor": "cozmoslabs",
"versions": [
{
"lessThanOrEqual": "3.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Profile Builder \u2013 User Profile \u0026 User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:30:20.266Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e731292a-4f95-46eb-889e-b00d58f3444e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2864329%40profile-builder\u0026new=2864329%40profile-builder\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://lana.codes/lanavdb/512e7307-04a5-4d8b-8f79-f75f37784a9f/"
},
{
"url": "https://www.wordfence.com/blog/2023/03/vulnerability-patched-in-cozmolabs-profile-builder-plugin-information-disclosure-leads-to-account-takeover/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-08T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-02-13T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Profile Builder \u2013 User Profile \u0026 User Registration Forms \u003c= 3.9.0 - Insecure Password Reset Mechanism"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2297",
"datePublished": "2023-04-26T23:30:18.376Z",
"dateReserved": "2023-04-26T10:59:01.452Z",
"dateUpdated": "2026-04-08T17:30:20.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-2449 (GCVE-0-2023-2449)
Vulnerability from cvelistv5 – Published: 2023-11-22 15:33 – Updated: 2026-04-08 17:28
Title
UserPro <= 5.1.1 - Insecure Password Reset Mechanism
Summary
The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 5.1.1. This is due to the plugin using native password reset functionality with insufficient validation in the password reset function (userpro_process_form). The function uses the plaintext value of the password reset key instead of a hashed value, which means that the key can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability such as SQL Injection in another plugin or theme installed on the site, to successfully exploit this vulnerability.
Severity
9.8 (Critical)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | UserPro - Community and User Profile WordPress Plugin | Affected: 0 , ≤ 5.1.1 (semver) | |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:08.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UserPro - Community and User Profile WordPress Plugin",
"vendor": "n/a",
"versions": [
{
"lessThanOrEqual": "5.1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:28:22.634Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve"
},
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-26T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-05-01T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-11-21T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "UserPro \u003c= 5.1.1 - Insecure Password Reset Mechanism"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-2449",
"datePublished": "2023-11-22T15:33:36.801Z",
"dateReserved": "2023-05-01T14:20:24.641Z",
"dateUpdated": "2026-04-08T17:28:22.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-25931 (GCVE-0-2023-25931)
Vulnerability from cvelistv5 – Published: 2023-03-01 18:56 – Updated: 2025-03-07 21:34
Title
Medtronic Micro Clinician & InterStim X Clinician App Password Reset Issue
Summary
Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the therapy parameters established on the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | InsterStim Applications | Affected: Micro Clinician , < A51200 (custom); Affected: InterStim X Clinician , < A51300 (custom) | |
Date Public
2023-03-02 20:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:05.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/pelvic-health-interstim-micro.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T21:34:21.835531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T21:34:37.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "InsterStim Applications",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "A51200",
"status": "affected",
"version": "Micro Clinician ",
"versionType": "custom"
},
{
"lessThan": "A51300",
"status": "affected",
"version": "InterStim X Clinician",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-03-02T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer. \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer. \n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known exploits.\u0026nbsp;"
}
],
"value": "No known exploits.\u00a0"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620: Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-01T18:56:30.093Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/pelvic-health-interstim-micro.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Current versions of the application has mitigated this vulnerability. Please refer to the Medtronic Security Bulletin for update guidance.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Current versions of the application has mitigated this vulnerability. Please refer to the Medtronic Security Bulletin for update guidance.\u00a0\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Medtronic Micro Clinician \u0026 InterStim X Clinician App Password Reset Issue",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2023-25931",
"datePublished": "2023-03-01T18:56:30.093Z",
"dateReserved": "2023-02-16T17:24:51.595Z",
"dateUpdated": "2025-03-07T21:34:37.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3069 (GCVE-0-2023-3069)
Vulnerability from cvelistv5 – Published: 2023-06-02 00:00 – Updated: 2025-01-08 19:45
Title
Unverified Password Change in tsolucio/corebos
Summary
Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tsolucio | tsolucio/corebos | Affected: unspecified , < 8 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:04.122Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/00544982-365a-476b-b5fe-42f02f11d367"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/tsolucio/corebos/commit/e3dabd74c68646bb54538d66411fc1e633ec454b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T19:45:13.358219Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T19:45:21.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tsolucio/corebos",
"vendor": "tsolucio",
"versions": [
{
"lessThan": "8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unverified Password Change in GitHub repository tsolucio/corebos prior to 8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-02T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/00544982-365a-476b-b5fe-42f02f11d367"
},
{
"url": "https://github.com/tsolucio/corebos/commit/e3dabd74c68646bb54538d66411fc1e633ec454b"
}
],
"source": {
"advisory": "00544982-365a-476b-b5fe-42f02f11d367",
"discovery": "EXTERNAL"
},
"title": "Unverified Password Change in tsolucio/corebos"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-3069",
"datePublished": "2023-06-02T00:00:00.000Z",
"dateReserved": "2023-06-02T00:00:00.000Z",
"dateUpdated": "2025-01-08T19:45:21.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4214 (GCVE-0-2023-4214)
Vulnerability from cvelistv5 – Published: 2023-11-18 01:54 – Updated: 2026-04-08 16:51
Title
AppPresser <= 4.2.5 - Insecure Password Reset Mechanism
Summary
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 4.2.5. This is due to the plugin generating a reset code that is too weak, and to the code used to reset the password having neither an attempt limit nor a time limit.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| scottopolis | AppPresser – Mobile App Framework | Affected: 0 , ≤ 4.2.5 (semver) | |
| apppresser | apppresser | Affected: 0 , < 4.3,0 (custom) | cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_WPAPI_Mods.php#L567"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2997160/apppresser"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apppresser:apppresser:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "apppresser",
"vendor": "apppresser",
"versions": [
{
"lessThan": "4.3,0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T20:50:57.152920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T18:48:41.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AppPresser \u2013 Mobile App Framework",
"vendor": "scottopolis",
"versions": [
{
"lessThanOrEqual": "4.2.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:51:13.457Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_WPAPI_Mods.php#L567"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2997160/apppresser"
},
{
"url": "https://plugins.trac.wordpress.org/browser/apppresser/trunk/inc/AppPresser_API_Limit.php?rev=2997182"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-07T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-08-07T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-11-16T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "AppPresser \u003c= 4.2.5 - Insecure Password Reset Mechanism"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4214",
"datePublished": "2023-11-18T01:54:34.583Z",
"dateReserved": "2023-08-07T18:54:22.417Z",
"dateUpdated": "2026-04-08T16:51:13.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-4381 (GCVE-0-2023-4381)
Vulnerability from cvelistv5 – Published: 2023-08-16 11:02 – Updated: 2024-10-03 13:37
Title
Unverified Password Change in instantsoft/icms2
Summary
Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| instantsoft | instantsoft/icms2 | Affected: unspecified , < 2.16.1-git (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/666c2617-e3e9-4955-9c97-2f8ed5262cc3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/instantsoft/icms2/commit/58f8b9941b53b606a1b15a4364005cd2b1965507"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T13:37:25.241649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T13:37:37.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "instantsoft/icms2",
"vendor": "instantsoft",
"versions": [
{
"lessThan": "2.16.1-git",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-16T11:02:27.189Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/666c2617-e3e9-4955-9c97-2f8ed5262cc3"
},
{
"url": "https://github.com/instantsoft/icms2/commit/58f8b9941b53b606a1b15a4364005cd2b1965507"
}
],
"source": {
"advisory": "666c2617-e3e9-4955-9c97-2f8ed5262cc3",
"discovery": "EXTERNAL"
},
"title": "Unverified Password Change in instantsoft/icms2"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4381",
"datePublished": "2023-08-16T11:02:27.189Z",
"dateReserved": "2023-08-16T11:02:13.354Z",
"dateUpdated": "2024-10-03T13:37:37.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4465 (GCVE-0-2023-4465)
Vulnerability from cvelistv5 – Published: 2023-12-29 09:37 – Updated: 2024-08-02 07:31
Title
Poly VVX 601 Configuration File Import unverified password change
Summary
A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. An unknown function of the Configuration File Import component is affected. Manipulation of the argument device.auth.localAdminPassword leads to an unverified password change. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.
Severity
CWE
- CWE-620 - Unverified Password Change
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.249258 | vdb-entry, technical-description |
| https://vuldb.com/?ctiid.249258 | signature, permissions-required |
| https://modzero.com/en/advisories/mz-23-01-poly-voip/ | related |
| https://support.hp.com/us-en/document/ish_9929371… | related |
| https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices | exploit |
| https://fahrplan.events.ccc.de/congress/2023/fahr… | related |
Impacted products
37 products
| Vendor | Product | Version | |
|---|---|---|---|
| Poly | Trio 8300 |
Affected:
n/a
|
|
| Poly | Trio 8500 |
Affected:
n/a
|
|
| Poly | Trio 8800 |
Affected:
n/a
|
|
| Poly | Trio C60 |
Affected:
n/a
|
|
| Poly | CCX 350 |
Affected:
n/a
|
|
| Poly | CCX 400 |
Affected:
n/a
|
|
| Poly | CCX 500 |
Affected:
n/a
|
|
| Poly | CCX 505 |
Affected:
n/a
|
|
| Poly | CCX 600 |
Affected:
n/a
|
|
| Poly | CCX 700 |
Affected:
n/a
|
|
| Poly | EDGE E100 |
Affected:
n/a
|
|
| Poly | EDGE E220 |
Affected:
n/a
|
|
| Poly | EDGE E300 |
Affected:
n/a
|
|
| Poly | EDGE E320 |
Affected:
n/a
|
|
| Poly | EDGE E350 |
Affected:
n/a
|
|
| Poly | EDGE E400 |
Affected:
n/a
|
|
| Poly | EDGE E450 |
Affected:
n/a
|
|
| Poly | EDGE E500 |
Affected:
n/a
|
|
| Poly | EDGE E550 |
Affected:
n/a
|
|
| Poly | VVX 101 |
Affected:
n/a
|
|
| Poly | VVX 150 |
Affected:
n/a
|
|
| Poly | VVX 201 |
Affected:
n/a
|
|
| Poly | VVX 250 |
Affected:
n/a
|
|
| Poly | VVX 300 |
Affected:
n/a
|
|
| Poly | VVX 301 |
Affected:
n/a
|
|
| Poly | VVX 310 |
Affected:
n/a
|
|
| Poly | VVX 311 |
Affected:
n/a
|
|
| Poly | VVX 350 |
Affected:
n/a
|
|
| Poly | VVX 400 |
Affected:
n/a
|
|
| Poly | VVX 401 |
Affected:
n/a
|
|
| Poly | VVX 410 |
Affected:
n/a
|
|
| Poly | VVX 411 |
Affected:
n/a
|
|
| Poly | VVX 450 |
Affected:
n/a
|
|
| Poly | VVX 500 |
Affected:
n/a
|
|
| Poly | VVX 501 |
Affected:
n/a
|
|
| Poly | VVX 600 |
Affected:
n/a
|
|
| Poly | VVX 601 |
Affected:
n/a
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249258"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio 8800",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "Trio C60",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 505",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "CCX 700",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E100",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E220",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E320",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "EDGE E550",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 101",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 150",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 201",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 250",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 300",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 301",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 310",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 311",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 350",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 400",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 401",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 410",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 411",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 450",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 500",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 501",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 600",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
},
{
"modules": [
"Configuration File Import"
],
"product": "VVX 601",
"vendor": "Poly",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christoph Wolff"
},
{
"lang": "en",
"type": "finder",
"value": "Pascal Zenker"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente Configuration File Import. Durch das Beeinflussen des Arguments device.auth.localAdminPassword mit unbekannten Daten kann eine unverified password change-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T16:16:20.765Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249258"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249258"
},
{
"tags": [
"related"
],
"url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/"
},
{
"tags": [
"related"
],
"url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices"
},
{
"tags": [
"related"
],
"url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11919.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-09T17:20:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Poly VVX 601 Configuration File Import unverified password change"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-4465",
"datePublished": "2023-12-29T09:37:59.607Z",
"dateReserved": "2023-08-21T17:03:52.457Z",
"dateUpdated": "2024-08-02T07:31:05.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4915 (GCVE-0-2023-4915)
Vulnerability from cvelistv5 – Published: 2023-09-13 02:54 – Updated: 2026-04-08 17:33
Title
WP User Control <= 1.5.3 - Insecure Password Reset Mechanism
Summary
The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 1.5.3. This is due to the plugin using native password reset functionality with insufficient validation on the password reset function (in the WP User Control Widget). The function changes the user's password as soon as that user's email address is supplied, with no further verification of the requester. The new password is only sent to the user's email, so the attacker does not have access to the new password.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| wmsedgar | WP User Control |
Affected:
0 , ≤ 1.5.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:52.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ca1736-7b99-49db-9367-586dbc14df41?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-user-control/tags/1.5.3/inc/WPUserControlWidget.php#L893"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:37:40.343475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T19:29:00.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WP User Control",
"vendor": "wmsedgar",
"versions": [
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (in the WP User Control Widget). The function changes the user\u0027s password after providing the email. The new password is only sent to the user\u0027s email, so the attacker does not have access to the new password."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:33:12.495Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ca1736-7b99-49db-9367-586dbc14df41?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-user-control/tags/1.5.3/inc/WPUserControlWidget.php#L893"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-03T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-08-18T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-09-12T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "WP User Control \u003c= 1.5.3 - Insecure Password Reset Mechanism"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4915",
"datePublished": "2023-09-13T02:54:13.256Z",
"dateReserved": "2023-09-12T14:49:28.568Z",
"dateUpdated": "2026-04-08T17:33:12.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5844 (GCVE-0-2023-5844)
Vulnerability from cvelistv5 – Published: 2023-10-30 10:08 – Updated: 2024-09-06 18:09
Title
Unverified Password Change in pimcore/admin-ui-classic-bundle
Summary
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-620 - Unverified Password Change
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| pimcore | pimcore/admin-ui-classic-bundle |
Affected:
unspecified , < 1.2.0
(custom)
|
|
| pimcore | admin_classic_bundle |
Affected:
0 , < 1.2.0
(custom)
cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "admin_classic_bundle",
"vendor": "pimcore",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5844",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T17:46:52.349297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:09:13.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pimcore/admin-ui-classic-bundle",
"vendor": "pimcore",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-620",
"description": "CWE-620 Unverified Password Change",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T10:08:49.782Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021"
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea"
}
],
"source": {
"advisory": "b031199d-192a-46e5-8c02-f7284ad74021",
"discovery": "EXTERNAL"
},
"title": "Unverified Password Change in pimcore/admin-ui-classic-bundle"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5844",
"datePublished": "2023-10-30T10:08:49.782Z",
"dateReserved": "2023-10-30T10:08:38.059Z",
"dateUpdated": "2024-09-06T18:09:13.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- When prompting for a password change, require the user to provide the original password (or to re-authenticate by another accepted form of authentication) in addition to the new password.
Mitigation
Phase: Architecture and Design
Description:
- Avoid "forgotten password" functionality where possible. If it is required, ensure that information is only provided to the actual user, e.g. by using an email address or challenge question that the legitimate user already provided in the past; do not allow the current user to change this identity information until the correct password has been provided.
No CAPEC attack patterns related to this CWE.