← back
CVE-2025-5305

Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation

CVSS 9.8 CRITICALEPSS 0.2%
The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Unknown · Password Reset with Code for WordPress REST API

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/