Source: National Vulnerability Database

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the password (to an arbitrary value) of any user knowing only

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24655

113 hits since 2022-07-22

PHP Vulns Source Ratio: 17% (7130 total, 598 propagated, 3565 filtered)