13 matches found
📄 WordPress ARMember Premium 7.3.1 Insecure Password Reset
WordPress ARMember Premium plugin versions 7.3.1 and below suffer from an insecure password reset mechanism that allows for administrative account takeover. ☠️ CVE-2026-5076 ARMember Premium --- 📋 Vulnerability Information | Item | Detail | |---|---| | CVE ID | CVE-2026-5076 | | Plugin | ARMember –...
CVE-2026-24669
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and...
VulnCheck KEV: CVE-2025-14975
The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...
CVE-2026-24669
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized password changes and...
EUVD-2022-48501
Malicious code in bioql PyPI...
CVE-2024-6125 Login with phone number <= 1.7.34 - Insecure Password Reset Mechanism
The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for...
CVE-2022-45637
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...
CVE-2022-45637
An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...
CVE-2022-45637
CVE-2022-45637 concerns MEGAFEIS/BOFEI DBD+ mobile app (iOS & Android) v1.4.4 with an insecure password reset code expiry mechanism. Multiple connected sources (NVD, Red Hat, CVE list, PRION, and WithSecure PoC repo) describe the vulnerability as an insecure expiry mechanism for password reset, e...
MEGAFEIS DBD+ Authorization Issue Vulnerability
MEGAFEIS DBD+ is a smart fingerprint Bluetooth padlock from MEGAFEIS. A security vulnerability exists in MEGAFEIS DBD+ version 1.4.4 that stems from the presence of an insecure password reset...
CVE-2017-16631
In SapphireIMS 40971, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality...
U.S. Dept Of Defense: Email PII disclosure due to Insecure Password Reset field
Summary: I revisited report 235041 and discovered the vulnerability isn't patched properly as I was able to discover more emails I could glean. It appears the core mechanism allows anyone who knows specific names or user names to leak sensitive emails. Description: This password reset field allows...
ESA-2015-078: RSA® Identity Management and Governance (IMG) Insecure Password Reset Vulnerability
ESA-2015-078: RSA® Identity Management and Governance (IMG) Insecure Password Reset Vulnerability. EMC Identifier: ESA-2015-078. CVE Identifier: CVE-2015-0532. Severity Rating: CVSSv2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C). Affected Products: - RSA...