CVE-2023-35039

CRITICAL

Password Reset with Code for WordPress REST API <= 0.0.15 - Authentication Abuse via Weak PIN Generation

Title source: llm

Description

Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.

Scores

CVSS v3 9.8
EPSS 0.0086
EPSS Percentile 53.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-307
Status published
Products (2)
Be Devious Web Development/Password Reset with Code for WordPress REST API < 0.0.15
bedevious/password_reset_with_code_for_wordpress_rest_api < 0.0.16
Published Dec 07, 2023
Tracked Since Feb 18, 2026