WordPress Plugin: yith-easy-login-register-popup-for-woocommerce: CVE-2021-39331: Authorization Bypass Through User-Controlled Key
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Sep 20, 2021 | May 15, 2025 | May 15, 2025 |
Description
The YITH Easy Login and Register Popup for WooCommerce plugin for WordPress is vulnerable to authorization bypass via password reset in versions up to, and including, 1.8.0. The plugin fails to properly validate whether a user is authorized to perform a password reset for the supplied user_login via the yith_welrp_form_action AJAX action. This makes it possible for unauthenticated users to reset an administrator's password and then log in to the site using that account.
Solution
yith-easy-login-register-popup-for-woocommerce-plugin-cve-2021-39331
