CVE-2025-5305

State: PUBLISHED · Published: 2025-09-18 · Updated: 2025-09-22 · Assigner: WPScan

Description

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.

CWE

(none)

Affected

Unknown / Password Reset with Code for WordPress REST API — v=0 <0.0.17 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/ exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2025/5xxx/CVE-2025-5305.json