EUVD-2023-59656

Malicious code in bioql PyPI...

CVE-2024-6125

The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for...

CVE-2024-6125

CVE-2024-6125 is a WordPress plugin vulnerability in Login with phone number up to version 1.7.34. The issue allows unauthenticated password resets by guessing a 6-digit numeric code because the reset code is weak and there is no limit on attempts or time. Public sources confirm the root cause as...

CVE-2023-7264 Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code...

CVE-2023-7264

The Build App Online plugin for WordPress (all versions up to 1.0.21) is vulnerable due to a weak password reset mechanism. An unauthenticated attacker can reset arbitrary user passwords by guessing a 4‑digit numeric reset code, enabling account takeover with high impact (C/H/I/A). The connected ...