9 matches found

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2018-2060

Malware in sbrugna...

9.8 CVSS · 9.5 AI score · 0.00567 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/09/20 6:11 a.m. · 5 views

CVE-2025-5305

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers...

9.8 CVSS · 6.9 AI score · 0.00039 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/09/18 6:0 a.m. · 2 views

CVE-2025-5305 Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers...

6.4 AI score · 0.00039 EPSS
Exploits: 0 · References: 1
CVE
added 2025/09/18 6:0 a.m. · 15 views

CVE-2025-5305

CVE-2025-5305 : The WordPress plugin Password Reset with Code for WordPress REST API (bdvs-password-reset) before 0.0.17 uses insecure OTP generation (not cryptographically sound), enabling potential account takeover. Affected plugin/version: Password Reset with Code for WordPress REST API (

9.8 CVSS · 6.5 AI score · 0.00039 EPSS
Exploits: 0 · References: 1
CVE
added 2024/11/26 11:4 a.m. · 52 views

CVE-2024-11024

Summary (CVE-2024-11024): The AppPresser – Mobile App Framework WordPress plugin is vulnerable to unauthenticated privilege escalation via password reset abuse. An attacker who knows a user’s email can reset that user’s password because the plugin does not validate the password reset code before ...

9.8 CVSS · 9.8 AI score · 0.00393 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/12/07 12:0 a.m. · 2 views

PT-2023-25109 · WordPress · Password Reset With Code For Wordpress Rest Api

Name of the Vulnerable Software and Affected Versions: Password Reset with Code for WordPress REST API versions 0.0.0 through 0.0.15
Description: The issue is related to an Improper Restriction of Excessive Authentication Attempts vulnerability in the Password Reset with Code for WordPress REST...

9.8 CVSS · 9.3 AI score · 0.00681 EPSS
Exploits: 0 · References: 6
OSV
added 2023/11/30 4:45 a.m. · 3 views

CVE-2023-49097 ZITADEL vulnerable account takeover via malicious host header injection

ZITADEL is an identity infrastructure system. ZITADEL uses the notification-triggering request's Forwarded or X-Forwarded-Host header to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicio...

8.1 CVSS · 8.5 AI score · 0.00385 EPSS
Exploits: 1 · References: 3
Cvelist
added 2020/11/16 1:19 a.m. · 15 views

CVE-2020-28642

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks...

9.4 AI score · 0.00703 EPSS
Exploits: 0 · References: 1
The Hacker News
added 2013/08/19 11:22 a.m. · 6 views

Short Password Reset code vulnerability allows hackers to brute-force many websites

Yesterday we received a vulnerability report in web applications from some unknown Indian hacker, who explained how hackers are hijacking mobile recharge and free SMS service related websites. He detailed the loophole in the password reset process that could allow attackers to brute force many...

6.9 AI score
Exploits: 0