CVE-2026-9701
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the eventer_verification_code user meta field when a user requests a password reset. The plaintext key stored in wp_usermeta can be used with the plugin's custom reset action to set a new password for any user. Combined with another vulnerability such as SQL Injection (CVE-2026-9700), this makes it possible for unauthenticated attackers to extract the plaintext reset key and take over any user account, including administrators. Note: The password reset function only works up to PHP version 7.4.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| joe007 | Eventer | 0 <= 4.4.2 | affected |
Weaknesses
- CWE-289: CWE-289 Authentication Bypass by Alternate Name
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bc656765-1eac-4a96-99e9-c22d64984923?source=cve
- https://codecanyon.net/item/eventer-wordpress-event-manager-plugin/20972534
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.