Password Reset with Code < 0.0.17 - Insecure Password Reset...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.

Basic Information

ID CVE-2025-5305

Source WPScan

Published Sep 18, 2025 at 06:00

Modified Sep 22, 2025 at 17:27

Affected Product

Vendor Unknown

Product Password Reset with Code for WordPress REST API

Affected Versions Unknown Password Reset with Code for WordPress REST API 0

CWE Classification

References

wpscan.com /vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/

{
    "lastseen": "",
    "description": "The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.",
    "published": "2025-09-18T06:00:04.273Z",
    "modified": "2025-09-22T17:27:38.830Z",
    "type": "cve",
    "title": "Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/",
    "id": "CVE-2025-5305",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Password Reset with Code for WordPress REST API 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Password Reset with Code for WordPress REST API",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Password Reset with Code < 0.0.17 - Insecure Password Reset Code Creation_CVE-2025-5305