Tag
blueprintUE versions prior to 4.2.0 are vulnerable to account takeover due to a missing current password validation on the password change form, allowing attackers with an authenticated session to change the password without knowing the original credential.