Insecure Password Reset Vulnerability in Flight Plugin for WordPress
CVE-2024-9302
Key Information:
- Vendor: WordPress
- CVE Published: 25 October 2024
What is CVE-2024-9302?
The App Builder plugin for WordPress allows privilege escalation through improper handling of OTP (One-Time Password) requests in its password reset flow. This affects all versions of the plugin up to and including 5.3.7. The functions responsible for verifying OTPs and updating passwords lack sufficient security controls, so unauthenticated attackers can exploit them. By brute forcing the OTP, an attacker can potentially take over any user's account, including an administrator's, and change its password. This vulnerability highlights the need for robust verification in password management functionality to safeguard user accounts.
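The weakness above is an OTP check with no limit on how many codes may be tried before a reset succeeds. The following is an added illustration, not code from the plugin or its vendor: a minimal password-reset OTP store in Python with a weak check beside a hardened one (attempt budget, expiry, single use, constant-time comparison). All names, limits and the fake clock are hypothetical choices for the example.

```python
import hmac
import secrets
import time

# Illustrative settings for a password-reset OTP (not the plugin's values).
OTP_LENGTH = 6
OTP_TTL_SECONDS = 600   # a code is only valid for ten minutes
MAX_ATTEMPTS = 5        # guesses allowed per issued code before lockout


class OtpStore:
    """In-memory store: user -> {"otp", "expires", "attempts"}."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._entries = {}

    def issue(self, user):
        otp = "".join(secrets.choice("0123456789") for _ in range(OTP_LENGTH))
        self._entries[user] = {"otp": otp, "expires": self._now() + OTP_TTL_SECONDS, "attempts": 0}
        return otp

    def verify_weak(self, user, candidate):
        # Mirrors the weakness described above: no expiry, no attempt limit and
        # the code stays valid, so a caller can simply keep guessing.
        entry = self._entries.get(user)
        return entry is not None and entry["otp"] == candidate

    def verify(self, user, candidate):
        entry = self._entries.get(user)
        if entry is None:
            return False
        if self._now() > entry["expires"]:
            del self._entries[user]          # stale code can never be used
            return False
        if entry["attempts"] >= MAX_ATTEMPTS:
            return False                     # locked out until a new code is issued
        entry["attempts"] += 1               # count the attempt before comparing
        if hmac.compare_digest(entry["otp"].encode(), candidate.encode()):
            del self._entries[user]          # single use: consumed on success
            return True
        return False


def demo():
    """Exercise both checks with a fake clock; returns the observed outcomes."""
    clock = [1_000_000.0]
    store = OtpStore(now=lambda: clock[0])
    otp = store.issue("alice")
    wrong = "000000" if otp != "000000" else "000001"
    weak_accepts = store.verify_weak("alice", otp)            # weak check: valid forever
    wrong_rejected = not any(store.verify("alice", wrong) for _ in range(MAX_ATTEMPTS))
    locked = not store.verify("alice", otp)                   # budget spent: even the right code fails
    otp2 = store.issue("alice")
    first, second = store.verify("alice", otp2), store.verify("alice", otp2)
    otp3 = store.issue("alice")
    clock[0] += OTP_TTL_SECONDS + 1
    expired = not store.verify("alice", otp3)
    return {"weak_accepts": weak_accepts, "wrong_rejected": wrong_rejected,
            "locked": locked, "first": first, "second_rejected": not second, "expired": expired}
```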

Affected Version(s)
App Builder – Create Native Android & iOS Apps On The Flight: <= 5.3.7