### [CVE-2021-24655](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24655)
![](https://img.shields.io/static/v1?label=Product&message=WP%20User%20Manager%20%E2%80%93%20User%20Profile%20Builder%20%26%20Membership&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.6.3%3C%202.6.3%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen)

### Description

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only their ID, and gain access to their account.

### POC

#### Reference
- https://wpscan.com/vulnerability/cce03550-7f65-4172-819e-025755fb541f

#### Github
No PoCs found on GitHub currently.