36 matches found
CVE-2023-4214
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit...
EUVD-2025-36698
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection...
CVE-2025-64101
Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset...
EUVD-2018-2060
Malware in sbrugna...
EUVD-2020-7130
Malware in sbrugna...
EUVD-2024-47272
Malicious code in bioql PyPI...
EUVD-2023-59656
Malicious code in bioql PyPI...
CVE-2025-5305
The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers...
CVE-2025-5305 Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation
The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers...
CVE-2025-5305
CVE-2025-5305: The WordPress plugin Password Reset with Code for WordPress REST API (bdvs-password-reset) before 0.0.17 uses insecure OTP generation (not cryptographically sound), enabling potential account takeover. Affected plugin/version: Password Reset with Code for WordPress REST API (
CVE-2005-0745
UTStarcom iAN-02EX VoIP Analog Terminal Adaptor ATA allows local users to bypass ATA access restrictions by dialing "26845" and causing a device reset...
CVE-2024-6125
The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for...
CVE-2024-11024
Summary (CVE-2024-11024): The AppPresser – Mobile App Framework WordPress plugin is vulnerable to unauthenticated privilege escalation via password reset abuse. An attacker who knows a user’s email can reset that user’s password because the plugin does not validate the password reset code before ...
CVE-2024-6125
CVE-2024-6125 is a WordPress plugin vulnerability in Login with phone number up to version 1.7.34. The issue allows unauthenticated password resets by guessing a 6-digit numeric code because the reset code is weak and there is no limit on attempts or time. Public sources confirm the root cause as...
CVE-2023-7264 Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 4-digit numeric reset code...
CVE-2023-7264
The Build App Online plugin for WordPress (all versions up to 1.0.21) is vulnerable due to a weak password reset mechanism. An unauthenticated attacker can reset arbitrary user passwords by guessing a 4‑digit numeric reset code, enabling account takeover with high impact (C/H/I/A). The connected ...
PT-2023-25109 · WordPress · Password Reset With Code For Wordpress Rest Api
Name of the Vulnerable Software and Affected Versions: Password Reset with Code for WordPress REST API versions 0.0.0 through 0.0.15 Description: The issue is related to an Improper Restriction of Excessive Authentication Attempts vulnerability in the Password Reset with Code for WordPress REST...
CVE-2023-49097 ZITADEL vulnerable account takeover via malicious host header injection
ZITADEL is an identity infrastructure system. ZITADEL uses the Forwarded or X-Forwarded-Host header of the notification-triggering request to build the button link sent in emails for confirming a password reset with the emailed code. If this header is overwritten and a user clicks the link to a malicio...
CVE-2023-4214 AppPresser <= 4.2.5 - Insecure Password Reset Mechanism
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit...
PT-2023-28282 · WordPress · Apppresser
Name of the Vulnerable Software and Affected Versions: AppPresser plugin for WordPress versions up to, and including 4.2.5 Description: The issue allows for unauthorized password resets due to the plugin generating a weak reset code. The code used to reset the password has no attempt or time limi...