A plugin called WPBookit for WordPress has a security issue that allows someone to take over someone else’s account. This happens because the plugin doesn’t check to make sure the person changing the password or email is actually that user. This means that anyone, even if they aren’t logged in, can change an admin’s email and password and use that to get into their account.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
