PT-2026-51674

Name of the Vulnerable Software and Affected Versions Invoice Generator plugin for WordPress versions prior to 1.0.1 Description The Invoice Generator plugin for WordPress allows unauthenticated account takeover through a flaw in the password reset process. The pravel invoice change password...

EUVD-2026-33359

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings...

PT-2026-44967

Name of the Vulnerable Software and Affected Versions KMW CCTV Security Cameras affected versions not specified Description An issue exists that allows an unauthenticated attacker to remotely reset the administrator password to a known value. This action grants full access to the camera settings...

CVE-2026-35676

phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...

CVE-2026-35676 phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint

phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Attackers can enumerate valid username and email pairs and force immediate password changes by sendin...

phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Forced Password Change Without Token Validation

Summary The password reset API can be triggered without authentication and without any out-of-band confirmation step. If an attacker knows a valid username + email pair, they can call the reset endpoint directly. The application immediately generates a new password, writes it to the account, and...

Exploit for CVE-2025-15521

CVE-2025-15521 The Academy LMS – WordPress LMS Plugin for Comp...

CVE-2025-70833

An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user including the administrator and fully takeover the account by manipulating POST parameters. The issue stems from insecure permission validation in check-power.php...

CVE-2026-25858

macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The password reset flow exposes the one-time passwo...

CVE-2025-15030

CVE-2025-15030 affects the WordPress plugin User Profile Builder up to version 3.15.2. The vulnerability arises from an improper password reset flow, allowing unauthenticated actors to reset any user’s password by supplying a username (e.g., administrator) and a crafted request; no valid reset to...

PT-2026-5609

Name of the Vulnerable Software and Affected Versions User Profile Builder WordPress plugin versions prior to 3.15.2 Description The User Profile Builder WordPress plugin does not have a secure password reset process. This allows unauthenticated requests to reset the password for any user,...

CVE-2025-14975 Custom Login Page Customizer < 2.5.4 - Unauthenticated Arbitrary Password Reset

The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...

CVE-2025-14975 Custom Login Page Customizer < 2.5.4 - Unauthenticated Arbitrary Password Reset

The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account...

PT-2026-4752

The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration. This includes encrypted MIFARE keys, card data, user PINs and much more. The PINs are even stored unencrypted. Combined with...

CVE-2025-13313 CRM Memberships <= 2.6 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint

The CRM Memberships plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including, 2.6. This is due to missing authorization and authentication checks on the ntzcrmchangepassword AJAX action. This makes it possible for unauthenticated attackers...

CVE-2025-9286

The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the resetuserpassword REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of...

EUVD-2025-32280

The Appy Pie Connect for WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the resetuserpassword REST handler in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to to reset the password of...

CVE-2025-58434 Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker...

CVE-2023-0940

The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones...

CVE-2024-50672

A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool = 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in...