The BA Book Everything plugin for WordPress has a security issue in versions 1.6.20 and below. This means that anyone, even without an account, can change the password for any user, including administrators. However, the attacker will not be able to see the new password, so they cannot gain additional privileges.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
