Description
The "lost password" functionality in b2evolution before 6.7.9 allows remote attackers to reset arbitrary user passwords via a crafted request.
Remediation
References
Related Vulnerabilities
Jenkins Missing Authorization Vulnerability (CVE-2019-10354)
SharePoint CVE-2021-24104 Vulnerability (CVE-2021-24104)
MySQL CVE-2013-0386 Vulnerability (CVE-2013-0386)
WordPress Plugin Advanced Custom Fields PRO Multiple Security Bypass Vulnerabilities (5.10)
WordPress Plugin Xhanch-My Twitter Cross-Site Request Forgery (2.7.6)