AI Score
Confidence
High
EPSS
Percentile
9.0%
Description The plugin is vulnerable to account takeover due to a weak password reset mechanism, allowing unauthenticated attackers to reset the password of arbitrary users by guessing an 8-digit numeric reset code.
patchstack.com/database/vulnerability/build-app-online/wordpress-build-app-online-plugin-1-0-19-unauthenticated-account-takeover-vulnerability