WordPress Plugin Vulnerabilities

Checkout Mestres WP < 7.1.9.8 - Authentication Bypass via Password Reset

Description

The plugin is vulnerable to authentication bypass due to a weak password reset functionality, allowing unauthenticated attackers to reset the password of arbitrary users to a guessable value based on the current time.

Affects Plugins

Plugin icon
checkout-mestres-wp
Fixed in 7.1.9.8

References

CVE
CVE-2023-51472
URL
https://patchstack.com/database/vulnerability/checkout-mestres-wp/wordpress-checkout-mestres-wp-plugin-7-1-9-6-unauthenticated-account-takeover-vulnerability

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
43a0a838-70a9-43be-9b46-e10b4f1f1665

Timeline

Publicly Published
2023-12-27 (about 4 months ago)
Added
2024-01-05 (about 4 months ago)
Last Updated
2024-01-30 (about 3 months ago)

Other

Published
Title
Published
2020-01-14
Title
Backup and Staging by WP Time Capsule < 1.21.16 - Authentication Bypass
Published
2016-09-19
Title
Order Export Import for WooCommerce 1.0.8 - Order Information Disclosure
Published
2020-09-17
Title
Discount Rules for WooCommerce < 2.2.1 - Multiple Authorization Bypass
Published
2014-08-01
Title
portable-phpMyAdmin < 1.3.1 - Authentication Bypass
Published
2014-08-01
Title
Contact Form 7 <= 3.7.1 - CAPTCHA Bypass