4 matches found
CVE-2025-5305
CVE-2025-5305: The WordPress plugin Password Reset with Code for WordPress REST API (bdvs-password-reset) before 0.0.17 uses insecure OTP generation (not cryptographically sound), enabling potential account takeover. Affected plugin/version: Password Reset with Code for WordPress REST API (
CVE-2025-1570 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directoristgeneratepasswordresetpincode and resetuserpassword functions...
WordPress App Builder – Create Native Android & iOS Apps On The Flight plugin <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP vulnerability
Privilege Escalation and Account Takeover via Weak OTP vulnerability discovered by wesley wcraft in WordPress Plugin App Builder versions <= 5.3.7...
WordPress AppPresser plugin <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP vulnerability
Privilege Escalation and Account Takeover via Weak OTP vulnerability discovered by wesley wcraft in WordPress Plugin AppPresser versions <= 4.4.4...