4 matches found

CVE
added 2025/09/18 6:0 a.m. | 22 views

CVE-2025-5305

CVE-2025-5305 : The WordPress plugin Password Reset with Code for WordPress REST API (bdvs-password-reset) before 0.0.17 uses insecure OTP generation (not cryptographically sound), enabling potential account takeover. Affected plugin/version: Password Reset with Code for WordPress REST API (

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.00219
Exploits: 0 | References: 1
Cvelist
added 2025/02/28 8:23 a.m. | 22 views

CVE-2025-1570 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP

The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directoristgeneratepasswordresetpincode and resetuserpassword functions...

CVSS: 8.1 | EPSS: 0.0041
Exploits: 0 | References: 2
Patchstack
added 2024/10/24 9:52 p.m. | 7 views

WordPress App Builder – Create Native Android & iOS Apps On The Flight plugin <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP vulnerability

Privilege Escalation and Account Takeover via Weak OTP vulnerability discovered by wesley wcraft in WordPress Plugin App Builder versions <= 5.3.7...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00586
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2024/10/15 1:17 p.m. | 6 views

WordPress AppPresser plugin <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP vulnerability

Privilege Escalation and Account Takeover via Weak OTP vulnerability discovered by wesley wcraft in WordPress Plugin AppPresser versions <= 4.4.4...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00662
Exploits: 0 | References: 1 | Affected Software: 1