ГлавнаяУязвимости → CVE-2025-5305
9.8критическая

CVE-2025-5305

Описание

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.

CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://wpscan.com/vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/https://wpscan.com/vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/