CWE-620

Unverified Password Change

Parent: CWE-1390 - Weak Authentication

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

82 vulnerabilities with CWE-620
CVE-2025-4606 CRITICAL
Uxper Sala - Startup & SaaS WordPress Theme <=1.1.4 - Privilege Escalation via Account Takeover
CVSS 9.8
CVE-2025-6097 MEDIUM
UTT 750W < 5.0 - Unauthenticated Unverified Password Change via formDefineManagement
CVSS 5.3
CVE-2025-5482 HIGH
Sunshine Photo Cart < 3.4.12 - Authenticated Privilege Escalation via Password Reset Key Validation Bypass
CVSS 8.8
CVE-2025-47938 LOW
TYPO3 <9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.1...
CVSS 3.8
CVE-2025-4322 CRITICAL
Motors WordPress <5.6.67 - Privilege Escalation
CVSS 9.8
CVE-2025-4903 MEDIUM
D-Link DI-7003GV2 24.04.18D1 R(68125) - Unauthenticated Unverified Password Change via webgl.asp
CVSS 5.3
CVE-2025-46748 LOW
SEL Blueframe OS < 1.10.0 - Authenticated Unverified Password Change
CVSS 2.7
CVE-2025-4558 CRITICAL
WormHole Tech GPM < 202502 - Unauthenticated Unverified Password Change
CVSS 9.8
CVE-2025-4552 MEDIUM
ContiNew Admin < 3.6.0 - Unauthenticated Unverified Password Change via /dev-api/system/user/1/password
CVSS 5.4
CVE-2025-2253 CRITICAL
IMITHEMES Listing <3.3 - Privilege Escalation
CVSS 9.8
CVE-2025-3793 MEDIUM
Buddypress Force Password Change <0.1 - Privilege Escalation
CVSS 4.2
CVE-2025-3607 HIGH
Frontend Login & Registration Blocks <1.0.7 - Privilege Escalation
CVSS 8.8
CVE-2025-3603 CRITICAL
Flynax Bridge < 2.2.0 - Unauthenticated Privilege Escalation via Password Change
CVSS 9.8
CVE-2025-3849 MEDIUM
SpringBoot-Vue-OnlineExam 1.0 - Unverified Password Change via studentId Parameter
CVSS 4.3
CVE-2025-1107 CRITICAL
Janto < r12 - Unauthenticated Unverified Password Change via Gateway.php Endpoint
CVSS 9.9
CVE-2024-12827 CRITICAL
DWT - Directory & Listing WordPress Theme <3.3.6 - Privilege Escala...
CVSS 9.8
CVE-2024-47784 LOW
ABB ANC < 1.1.4 - Authenticated Unverified Password Change via Web HMI
CVSS 2.6
CVE-2024-48887 CRITICAL
FortiSwitch >=6.4.0 <6.4.15 - Unauthenticated Password Change via GUI Request
CVSS 9.8
CVE-2024-41796 MEDIUM
SENTRON 7KT PAC1260 Data Manager - Unauthenticated Password Change via Web Interface
CVSS 6.5
CVE-2024-9431 HIGH
transformeroptimus/superagi <0.0.14 - Privilege Escalation
CVSS 8.8
CVE-2024-13373 HIGH
Exertio Framework <1.3.1 - Privilege Escalation
CVSS 8.1
CVE-2024-12824 CRITICAL
Nokri - Job Board WordPress Theme <1.6.2 - Privilege Escalation
CVSS 9.8
CVE-2024-12860 CRITICAL
CarSpot < 2.4.3 - Unauthenticated Privilege Escalation via Password Change Token Validation Bypass
CVSS 9.8
CVE-2024-45647 MEDIUM
IBM Security Verify Access <10.0.9 - Privilege Escalation
CVSS 5.6
CVE-2024-13375 CRITICAL
Adifier System <3.1.7 - Privilege Escalation
CVSS 9.8
Details
Vulnerabilities 82
Links
MITRE CWE Entry Search this CWE With Exploits