CVE-2024-10215

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.
Configurations

Configuration 1

cpe:2.3:a:iqonic:wpbookit:*:*:*:*:pro:wordpress:*:*

History

27 Jun 2025, 17:37

Type | Values Removed | Values Added
First Time | | Iqonic wpbookit; Iqonic
CPE | cpe:2.3:a:iqonicdesign:wpbookit:*:*:*:*:*:wordpress:*:* | cpe:2.3:a:iqonic:wpbookit:*:*:*:*:pro:wordpress:*:*

05 Jun 2025, 14:50

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:iqonicdesign:wpbookit:*:*:*:*:*:wordpress:*:*
First Time | | Iqonicdesign wpbookit; Iqonicdesign
References | () https://documentation.iqonic.design/wpbookit/versions/change-log - | () https://documentation.iqonic.design/wpbookit/versions/change-log - Release Notes
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/2d23a2b9-8476-4564-a5de-5e6cfc38ce68?source=cve - | () https://www.wordfence.com/threat-intel/vulnerabilities/id/2d23a2b9-8476-4564-a5de-5e6cfc38ce68?source=cve - Third Party Advisory
Summary | | (es) The WPBookit plugin for WordPress is vulnerable to arbitrary user password change in versions up to and including 1.6.4. This is due to the plugin providing user-controlled access to objects, which lets a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.

09 Jan 2025, 20:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2025-01-09 20:15

Updated : 2025-06-27 17:37


NVD link : CVE-2024-10215

Mitre link : CVE-2024-10215

CVE.ORG link : CVE-2024-10215



Products Affected

iqonic

  • wpbookit
CWE
CWE-639

Authorization Bypass Through User-Controlled Key