CVE-2024-8794

The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a user's identity prior to setting a password. This makes it possible for unauthenticated attackers to reset any user's passwords, including administrators. It's important to note that the attacker will not have access to the generated password, therefore, privilege escalation is not possible.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ba-booking:ba_book_everything:*:*:*:*:*:wordpress:*:*

History

26 Sep 2024, 16:23

Type Values Removed Values Added
CPE cpe:2.3:a:ba-booking:ba_book_everything:*:*:*:*:*:wordpress:*:*
CWE NVD-CWE-Other
First Time Ba-booking ba Book Everything
Ba-booking
References () https://plugins.trac.wordpress.org/browser/ba-book-everything/tags/1.6.20/includes/class-babe-my-account.php#L610 - () https://plugins.trac.wordpress.org/browser/ba-book-everything/tags/1.6.20/includes/class-babe-my-account.php#L610 - Product
References () https://plugins.trac.wordpress.org/browser/ba-book-everything/tags/1.6.20/includes/class-babe-users.php#L266 - () https://plugins.trac.wordpress.org/browser/ba-book-everything/tags/1.6.20/includes/class-babe-users.php#L266 - Product
References () https://plugins.trac.wordpress.org/changeset/3152728/ba-book-everything/trunk/includes/class-babe-users.php - () https://plugins.trac.wordpress.org/changeset/3152728/ba-book-everything/trunk/includes/class-babe-users.php - Patch
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/4e261b0e-5ca3-4f5c-acc0-41abee31b148?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/4e261b0e-5ca3-4f5c-acc0-41abee31b148?source=cve - Third Party Advisory

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) El complemento BA Book Everything para WordPress es vulnerable al restablecimiento arbitrario de contraseñas en todas las versiones hasta la 1.6.20 incluida. Esto se debe a que la función reset_user_password() no verifica la identidad de un usuario antes de establecer una contraseña. Esto hace posible que atacantes no autenticados restablezcan las contraseñas de cualquier usuario, incluidos los administradores. Es importante tener en cuenta que el atacante no tendrá acceso a la contraseña generada, por lo tanto, no es posible la escalada de privilegios.

24 Sep 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-24 03:15

Updated : 2024-09-26 16:23


NVD link : CVE-2024-8794

Mitre link : CVE-2024-8794

CVE.ORG link : CVE-2024-8794


JSON object : View

Products Affected

ba-booking

  • ba_book_everything
CWE
NVD-CWE-Other CWE-620

Unverified Password Change