CVE-2021-27200

critical

Description

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.

References

https://www.wowonder.com

https://www.exploit-db.com/exploits/49989

https://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200

Details

Source: Mitre, NVD

Published: 2021-06-11

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03045