CVE-2024-12827: CWE-620 Unverified Password Change in scriptsbundle DWT - Directory & Listing WordPress Theme
The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
AI Analysis
Technical Summary
The DWT - Directory & Listing WordPress Theme contains a vulnerability (CWE-620) where the dwt_listing_reset_password() function does not properly verify that the password reset token is non-empty before allowing a password reset. This flaw enables unauthenticated attackers to change any user's password, including those with administrative privileges, resulting in privilege escalation and account takeover. The vulnerability affects all versions up to and including 3.3.6 and has a CVSS 3.1 score of 9.8, indicating critical severity with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
An attacker can reset passwords for arbitrary users without authentication, including administrators, leading to full account compromise and control over the affected WordPress site. This compromises confidentiality, integrity, and availability of the system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix links are provided, users should monitor the vendor's communications for updates. Until a fix is available, restrict access to the password reset functionality if possible or disable the vulnerable theme. Avoid using affected versions in production environments.
CVE-2024-12827: CWE-620 Unverified Password Change in scriptsbundle DWT - Directory & Listing WordPress Theme
Description
The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The DWT - Directory & Listing WordPress Theme contains a vulnerability (CWE-620) where the dwt_listing_reset_password() function does not properly verify that the password reset token is non-empty before allowing a password reset. This flaw enables unauthenticated attackers to change any user's password, including those with administrative privileges, resulting in privilege escalation and account takeover. The vulnerability affects all versions up to and including 3.3.6 and has a CVSS 3.1 score of 9.8, indicating critical severity with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
An attacker can reset passwords for arbitrary users without authentication, including administrators, leading to full account compromise and control over the affected WordPress site. This compromises confidentiality, integrity, and availability of the system.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix links are provided, users should monitor the vendor's communications for updates. Until a fix is available, restrict access to the password reset functionality if possible or disable the vulnerable theme. Avoid using affected versions in production environments.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-12-19T21:44:06.338Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6e49b7ef31ef0b59c58e
Added to database: 2/25/2026, 9:48:57 PM
Last enriched: 4/9/2026, 12:55:21 PM
Last updated: 4/14/2026, 1:13:33 AM
Views: 16
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.