CVE-2024-35648 WordPress Emergency Password Reset plugin <= 8.0 - Cross Site Request Forgery (CSRF) vulnerability

🗓️ 17 Jun 2026 12:03:47Reported by PatchstackType

Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2024-35648	17 Jun 202615:02	–	circl
CVE	CVE-2024-35648	17 Jun 202612:03	–	cve
EUVD	EUVD-2024-55635	17 Jun 202618:35	–	euvd
NVD	CVE-2024-35648	17 Jun 202613:19	–	nvd
Patchstack	WordPress Emergency Password Reset plugin <= 8.0 - Cross Site Request Forgery (CSRF) vulnerability	3 Jun 202408:24	–	patchstack
Patchstack	WordPress Emergency Password Reset Plugin <= 8.0 is vulnerable to Cross Site Request Forgery (CSRF)	3 Jun 202400:00	–	patchstack
Positive Technologies	PT-2026-50370	17 Jun 202600:00	–	ptsecurity
Vulnrichment	CVE-2024-35648 WordPress Emergency Password Reset plugin <= 8.0 - Cross Site Request Forgery (CSRF) vulnerability	17 Jun 202612:03	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)	13 Jun 202415:35	–	wordfence
WPVulnDB	Emergency Password Reset < 9.0 - Cross-Site Request Forgery	11 Jun 202400:00	–	wpvulndb

[
  {
    "vendor": "Andy Moyle",
    "product": "Emergency Password Reset",
    "collectionURL": "https://wordpress.org/plugins",
    "packageName": "emergency-password-reset",
    "versions": [
      {
        "status": "affected",
        "version": "n/a",
        "lessThanOrEqual": "8.0",
        "changes": [
          {
            "at": "9.0",
            "status": "unaffected"
          }
        ],
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
patchstack	www.patchstack.com/database/wordpress/plugin/emergency-password-reset/vulnerability/wordpress-emergency-password-reset-plugin-8-0-cross-site-request-forgery-csrf-vulnerability

17 Jun 2026 12:03Current

CVSS 3.14.3

CWE-352