CWE-640
Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
CVE-2023-5959 (GCVE-0-2023-5959)
Vulnerability from cvelistv5 – Published: 2023-11-11 09:00 – Updated: 2024-08-02 08:14
VLAI
Title
Byzoro Smart S85F Management Platform login.php password recovery
Summary
A vulnerability, which was classified as problematic, was found in Byzoro Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txt_newpwd leads to weak password recovery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-640 - Weak Password Recovery
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.244992 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.244992 | signaturepermissions-required |
| https://vuldb.com/?submit.232562 | third-party-advisory |
| https://github.com/Changboqian/cve/blob/main/rese… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Byzoro | Smart S85F Management Platform |
Affected:
V31R02B10-01
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:25.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-244992 | Byzoro Smart S85F Management Platform login.php password recovery",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.244992"
},
{
"name": "VDB-244992 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.244992"
},
{
"name": "Submit #232562 | yzro Networks Smart S85F management platform has a vulnerability in improper password reset",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.232562"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/Changboqian/cve/blob/main/reset_password_improperly.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Smart S85F Management Platform",
"vendor": "Byzoro",
"versions": [
{
"status": "affected",
"version": "V31R02B10-01"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "changboqian (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Byzoro Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txt_newpwd leads to weak password recovery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Byzoro Smart S85F Management Platform V31R02B10-01 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /login.php. Dank der Manipulation des Arguments txt_newpwd mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T08:34:24.035Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-244992 | Byzoro Smart S85F Management Platform login.php password recovery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.244992"
},
{
"name": "VDB-244992 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.244992"
},
{
"name": "Submit #232562 | yzro Networks Smart S85F management platform has a vulnerability in improper password reset",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.232562"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Changboqian/cve/blob/main/reset_password_improperly.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-05T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-11-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-11-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-09T09:06:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "Byzoro Smart S85F Management Platform login.php password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5959",
"datePublished": "2023-11-11T09:00:06.698Z",
"dateReserved": "2023-11-05T16:46:30.333Z",
"dateUpdated": "2024-08-02T08:14:25.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-7028 (GCVE-0-2023-7028)
Vulnerability from cvelistv5 – Published: 2024-01-12 13:56 – Updated: 2026-05-26 04:05
VLAI
Title
Weak Password Recovery Mechanism for Forgotten Password in GitLab
Summary
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Severity
10 (Critical)
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/436084 | issue-trackingpermissions-required |
| https://hackerone.com/reports/2293343 | technical-descriptionexploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GitLab | GitLab |
Affected:
16.1 , < 16.1.6
(semver)
Affected: 16.2 , < 16.2.9 (semver) Affected: 16.3 , < 16.3.7 (semver) Affected: 16.4 , < 16.4.5 (semver) Affected: 16.5 , < 16.5.6 (semver) Affected: 16.6 , < 16.6.4 (semver) Affected: 16.7 , < 16.7.2 (semver) cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7028",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-02T17:50:56.921719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-05-01",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:28.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7028"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-01T00:00:00.000Z",
"value": "CVE-2023-7028 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-19T07:48:03.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GitLab Issue #436084",
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084"
},
{
"name": "HackerOne Bug Bounty Report #2293343",
"tags": [
"technical-description",
"exploit",
"x_transferred"
],
"url": "https://hackerone.com/reports/2293343"
},
{
"url": "https://www.vicarius.io/vsociety/posts/critical-gitlab-account-takeover-vulnerability-cve-2023-7028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.1.6",
"status": "affected",
"version": "16.1",
"versionType": "semver"
},
{
"lessThan": "16.2.9",
"status": "affected",
"version": "16.2",
"versionType": "semver"
},
{
"lessThan": "16.3.7",
"status": "affected",
"version": "16.3",
"versionType": "semver"
},
{
"lessThan": "16.4.5",
"status": "affected",
"version": "16.4",
"versionType": "semver"
},
{
"lessThan": "16.5.6",
"status": "affected",
"version": "16.5",
"versionType": "semver"
},
{
"lessThan": "16.6.4",
"status": "affected",
"version": "16.6",
"versionType": "semver"
},
{
"lessThan": "16.7.2",
"status": "affected",
"version": "16.7",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [asterion04](https://hackerone.com/asterion04) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T04:05:15.369Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #436084",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436084"
},
{
"name": "HackerOne Bug Bounty Report #2293343",
"tags": [
"technical-description",
"exploit"
],
"url": "https://hackerone.com/reports/2293343"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 16.7.2, 16.6.4, 16.5.6, 16.4.5, 16.3.7, 16.2.9, 16.1.6 or above."
}
],
"title": "Weak Password Recovery Mechanism for Forgotten Password in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2023-7028",
"datePublished": "2024-01-12T13:56:41.726Z",
"dateReserved": "2023-12-20T20:30:37.127Z",
"dateUpdated": "2026-05-26T04:05:15.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-7264 (GCVE-0-2023-7264)
Vulnerability from cvelistv5 – Published: 2024-06-11 03:16 – Updated: 2026-04-08 17:33
VLAI
Title
Build App Online <= 1.0.22 - Account Takeover via Weak Password Reset Mechanism
Summary
The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code.
Severity
8.1 (High)
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| hakeemnala | Build App Online |
Affected:
0 , ≤ 1.0.22
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rahamsolutions:build_app_online:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "build_app_online",
"vendor": "rahamsolutions",
"versions": [
{
"lessThanOrEqual": "1.0.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T12:57:14.135110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T12:57:54.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6047ae6-b1b4-4b31-aa12-560927e1040b?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.php#L3688"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.php#L3757"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Build App Online",
"vendor": "hakeemnala",
"versions": [
{
"lessThanOrEqual": "1.0.22",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ramuel Gall"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.22. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:33:26.719Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f6047ae6-b1b4-4b31-aa12-560927e1040b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.php#L3688"
},
{
"url": "https://plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.php#L3757"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3201569%40build-app-online\u0026new=3201569%40build-app-online\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-27T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Build App Online \u003c= 1.0.22 - Account Takeover via Weak Password Reset Mechanism"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-7264",
"datePublished": "2024-06-11T03:16:59.623Z",
"dateReserved": "2024-05-28T14:43:04.373Z",
"dateUpdated": "2026-04-08T17:33:26.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-0186 (GCVE-0-2024-0186)
Vulnerability from cvelistv5 – Published: 2024-01-02 00:31 – Updated: 2025-06-03 14:47
VLAI
Title
HuiRan Host Reseller System HTTP POST Request password recovery
Summary
A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444.
Severity
CWE
- CWE-640 - Weak Password Recovery
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.249444 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.249444 | signaturepermissions-required |
| https://note.zhaoj.in/share/WwPWWizD2Spk | broken-linkexploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| HuiRan | Host Reseller System |
Affected:
2.0
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.249444"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.249444"
},
{
"tags": [
"broken-link",
"exploit",
"x_transferred"
],
"url": "https://note.zhaoj.in/share/WwPWWizD2Spk"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:57:40.412700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:47:03.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Host Reseller System",
"vendor": "HuiRan",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "glzjin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in HuiRan Host Reseller System bis 2.0.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei /user/index/findpass?do=4 der Komponente HTTP POST Request Handler. Durch Manipulieren mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T19:03:35.599Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.249444"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.249444"
},
{
"tags": [
"broken-link",
"exploit"
],
"url": "https://note.zhaoj.in/share/WwPWWizD2Spk"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-01T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2024-01-01T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-22T13:46:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "HuiRan Host Reseller System HTTP POST Request password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0186",
"datePublished": "2024-01-02T00:31:04.085Z",
"dateReserved": "2024-01-01T15:41:36.946Z",
"dateUpdated": "2025-06-03T14:47:03.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0425 (GCVE-0-2024-0425)
Vulnerability from cvelistv5 – Published: 2024-01-11 20:00 – Updated: 2025-06-09 18:38
VLAI
Title
ForU CMS password recovery
Summary
A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444.
Severity
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-640 - Weak Password Recovery
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.250444 | vdb-entry |
| https://vuldb.com/?ctiid.250444 | signaturepermissions-required |
| https://github.com/mi2acle/forucmsvuln/blob/maste… | exploit |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.250444"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250444"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0425",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-08T20:19:42.639400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:38:40.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CMS",
"vendor": "ForU",
"versions": [
{
"status": "affected",
"version": "2020-06-23"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Mi2ac1e (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444."
},
{
"lang": "de",
"value": "In ForU CMS bis 2020-06-23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /admin/index.php?act=reset_admin_psw. Durch das Manipulieren mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T20:00:05.796Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.250444"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250444"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-01-11T13:44:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "ForU CMS password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0425",
"datePublished": "2024-01-11T20:00:05.796Z",
"dateReserved": "2024-01-11T12:38:46.884Z",
"dateUpdated": "2025-06-09T18:38:40.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0491 (GCVE-0-2024-0491)
Vulnerability from cvelistv5 – Published: 2024-01-13 14:31 – Updated: 2024-10-24 15:02
VLAI
Title
Huaxia ERP UserController.java password recovery
Summary
A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596.
Severity
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-640 - Weak Password Recovery
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.250596 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.250596 | signaturepermissions-required |
| https://github.com/laoquanshi/puppy/blob/main/Log… | broken-link |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.250596"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.250596"
},
{
"tags": [
"broken-link",
"x_transferred"
],
"url": "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-16T19:38:25.221168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T15:02:46.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ERP",
"vendor": "Huaxia",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "puppy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Huaxia ERP bis 3.1 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei src/main/java/com/jsh/erp/controller/UserController.java. Mittels dem Manipulieren mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 3.2 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-09T19:10:58.572Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.250596"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.250596"
},
{
"tags": [
"broken-link"
],
"url": "https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-01-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-01-12T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2024-01-12T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-02-02T14:30:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "Huaxia ERP UserController.java password recovery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-0491",
"datePublished": "2024-01-13T14:31:04.104Z",
"dateReserved": "2024-01-12T11:58:16.228Z",
"dateUpdated": "2024-10-24T15:02:46.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11103 (GCVE-0-2024-11103)
Vulnerability from cvelistv5 – Published: 2024-11-28 09:47 – Updated: 2026-04-08 16:35
VLAI
Title
Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover
Summary
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Severity
9.8 (Critical)
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe |
Affected:
0 , ≤ 24.0.7
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:contest_gallery:contest_gallery:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "contest_gallery",
"vendor": "contest_gallery",
"versions": [
{
"lessThanOrEqual": "24.0.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T11:13:17.024791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T11:14:03.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Contest Gallery \u2013 Upload \u0026 Vote Photos, Media, Sell with PayPal \u0026 Stripe",
"vendor": "contest-gallery",
"versions": [
{
"lessThanOrEqual": "24.0.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Khayal Farzaliyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:35:21.716Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0df7f413-2631-46d9-8c0b-d66f05a02c01?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/contest-gallery/trunk/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-password-reset.php#L88"
},
{
"url": "https://plugins.trac.wordpress.org/browser/contest-gallery/trunk/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-lost-password.php#L31"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3196011/contest-gallery/tags/24.0.8/v10/v10-admin/users/frontend/login/ajax/users-login-check-ajax-lost-password.php?old=3190068\u0026old_path=contest-gallery%2Ftags%2F24.0.7%2Fv10%2Fv10-admin%2Fusers%2Ffrontend%2Flogin%2Fajax%2Fusers-login-check-ajax-lost-password.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-27T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Contest Gallery \u003c= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11103",
"datePublished": "2024-11-28T09:47:09.248Z",
"dateReserved": "2024-11-11T20:50:05.647Z",
"dateUpdated": "2026-04-08T16:35:21.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-11350 (GCVE-0-2024-11350)
Vulnerability from cvelistv5 – Published: 2025-01-08 08:18 – Updated: 2026-04-08 16:51
VLAI
Title
AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover
Summary
The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Severity
9.8 (Critical)
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| scriptsbundle | AdForest |
Affected:
0 , ≤ 5.1.6
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T14:07:18.315870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T14:07:34.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AdForest",
"vendor": "scriptsbundle",
"versions": [
{
"lessThanOrEqual": "5.1.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tonn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:51:50.893Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ebb766a-44e9-460c-be84-356b7403e593?source=cve"
},
{
"url": "https://themeforest.net/item/adforest-classified-wordpress-theme/19481695"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-20T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "AdForest \u003c= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-11350",
"datePublished": "2025-01-08T08:18:16.723Z",
"dateReserved": "2024-11-18T16:49:17.332Z",
"dateUpdated": "2026-04-08T16:51:50.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12295 (GCVE-0-2024-12295)
Vulnerability from cvelistv5 – Published: 2025-03-19 04:21 – Updated: 2026-04-08 17:20
VLAI
Title
BoomBox Theme Extensions <= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password
Summary
The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user's identity prior to updating their password through the 'boombox_ajax_reset_password' function. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Severity
8.8 (High)
CWE
- CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PX-lab | BoomBox Theme Extensions |
Affected:
0 , ≤ 1.8.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12295",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T14:02:37.562745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:03:01.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BoomBox Theme Extensions",
"vendor": "PX-lab",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tonn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password through the \u0027boombox_ajax_reset_password\u0027 function. This makes it possible for authenticated attackers, with subscriber-level privileges and above, to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:20:36.528Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c453aaf6-767d-4929-bbb3-3c0b78b0507a?source=cve"
},
{
"url": "https://themeforest.net/item/boombox-viral-buzz-wordpress-theme/16596434"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-12-06T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-03-18T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "BoomBox Theme Extensions \u003c= 1.8.0 - Authenticated (Subscriber+) Privilege Escalation via Password Reset/Account Takeover in boombox_ajax_reset_password"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12295",
"datePublished": "2025-03-19T04:21:06.477Z",
"dateReserved": "2024-12-06T00:06:04.720Z",
"dateUpdated": "2026-04-08T17:20:36.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12604 (GCVE-0-2024-12604)
Vulnerability from cvelistv5 – Published: 2025-03-10 14:28 – Updated: 2025-09-12 07:11 Exclusively Hosted Service
VLAI
Title
Improper Authentication in Tapandsign Technologies Tap and Sign App
Summary
Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap&Sign App: before V.1.025.
Severity
6.5 (Medium)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tapandsign Technologies | Tap&Sign App |
Affected:
0 , < V.1.025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T16:06:00.844956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T16:06:16.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tap\u0026Sign App",
"vendor": "Tapandsign Technologies",
"versions": [
{
"lessThan": "V.1.025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mucahit IC"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap\u0026amp;Sign App allows Password Recovery Exploitation, Functionality Misuse.\u003cp\u003eThis issue affects Tap\u0026amp;Sign App: before V.1.025.\u003c/p\u003e"
}
],
"value": "Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap\u0026Sign App allows Password Recovery Exploitation, Functionality Misuse.This issue affects Tap\u0026Sign App: before V.1.025."
}
],
"impacts": [
{
"capecId": "CAPEC-50",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-50 Password Recovery Exploitation"
}
]
},
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-526",
"description": "CWE-526 Cleartext Storage of Sensitive Information in an Environment Variable",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T07:11:59.692Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://docs.tapandsign.com/tap-and-sign/tap-and-sign-v.1.025-surum-notlari"
},
{
"url": "https://www.usom.gov.tr/bildirim/tr-25-0063"
}
],
"source": {
"advisory": "TR-25-0063",
"defect": [
"TR-25-0063"
],
"discovery": "UNKNOWN"
},
"tags": [
"exclusively-hosted-service"
],
"title": "Improper Authentication in Tapandsign Technologies Tap and Sign App",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-12604",
"datePublished": "2025-03-10T14:28:12.230Z",
"dateReserved": "2024-12-13T11:55:16.553Z",
"dateUpdated": "2025-09-12T07:11:59.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Make sure that all input supplied by the user to the password recovery mechanism is thoroughly filtered and validated.
Mitigation
Phase: Architecture and Design
Description:
- Do not use standard weak security questions and use several security questions.
Mitigation
Phase: Architecture and Design
Description:
- Make sure that there is throttling on the number of incorrect answers to a security question. Disable the password recovery functionality after a certain (small) number of incorrect guesses.
Mitigation
Phase: Architecture and Design
Description:
- Require that the user properly answers the security question prior to resetting their password and sending the new password to the e-mail address of record.
Mitigation
Phase: Architecture and Design
Description:
- Never allow the user to control what e-mail address the new password will be sent to in the password recovery mechanism.
Mitigation
Phase: Architecture and Design
Description:
- Assign a new temporary password rather than revealing the original password.
CAPEC-50: Password Recovery Exploitation
An attacker may take advantage of the application feature to help users recover their forgotten passwords in order to gain access into the system with the same privileges as the original user. Generally password recovery schemes tend to be weak and insecure.