exploitDog

GHSA-53hx-hjr5-fg4m

Опубликовано: 18 сент. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.

Ссылки

EPSS

Процентиль: 10%

0.00035

Низкий

9.8 Critical

CVSS3

CVE ID

Связанные уязвимости

CVE-2025-5305

CVSS3: 9.8

nvd

5 месяцев назад

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.

EPSS

Процентиль: 10%

0.00035

Низкий

9.8 Critical

CVSS3

CVE ID