Search criteria
3 vulnerabilities found for password_reset_with_code_for_wordpress_rest_api by bedevious
CVE-2023-35039 (GCVE-0-2023-35039)
Vulnerability from nvd – Published: 2023-12-07 11:27 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication
Summary
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.
Severity
9.8 (Critical)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/bdv… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Be Devious Web Development | Password Reset with Code for WordPress REST API |
Affected:
n/a , ≤ 0.0.15
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bdvs-password-reset",
"product": "Password Reset with Code for WordPress REST API",
"vendor": "Be Devious Web Development",
"versions": [
{
"changes": [
{
"at": "0.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "0.0.15",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jonas H\u00f6benreich (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.\u003cp\u003eThis issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.\u003c/p\u003e"
}
],
"value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:29.143Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a00.0.16 or a higher version."
}
],
"value": "Update to\u00a00.0.16 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Password Reset with Code for WordPress REST API Plugin \u003c= 0.0.15 is vulnerable to Broken Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-35039",
"datePublished": "2023-12-07T11:27:16.116Z",
"dateReserved": "2023-06-12T09:05:49.595Z",
"dateUpdated": "2026-04-28T16:08:29.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2023-35039
Vulnerability from fkie_nvd - Published: 2023-12-07 12:15 - Updated: 2026-04-28 19:20
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bedevious | password_reset_with_code_for_wordpress_rest_api | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bedevious:password_reset_with_code_for_wordpress_rest_api:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0EC5E2E4-D488-448D-8114-3D69166960EE",
"versionEndExcluding": "0.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15."
},
{
"lang": "es",
"value": "La vulnerabilidad de restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos en Be Devious Web Development Password Reset with Code para la API REST de WordPress permite el abuso de autenticaci\u00f3n. Este problema afecta el restablecimiento de contrase\u00f1a con c\u00f3digo para la API REST de WordPress: desde n/a hasta 0.0.15."
}
],
"id": "CVE-2023-35039",
"lastModified": "2026-04-28T19:20:45.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-07T12:15:07.360",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
CVE-2023-35039 (GCVE-0-2023-35039)
Vulnerability from cvelistv5 – Published: 2023-12-07 11:27 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication
Summary
Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.
Severity
9.8 (Critical)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/bdv… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Be Devious Web Development | Password Reset with Code for WordPress REST API |
Affected:
n/a , ≤ 0.0.15
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:17:04.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bdvs-password-reset",
"product": "Password Reset with Code for WordPress REST API",
"vendor": "Be Devious Web Development",
"versions": [
{
"changes": [
{
"at": "0.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "0.0.15",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jonas H\u00f6benreich (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.\u003cp\u003eThis issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.\u003c/p\u003e"
}
],
"value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15."
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:29.143Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u00a00.0.16 or a higher version."
}
],
"value": "Update to\u00a00.0.16 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Password Reset with Code for WordPress REST API Plugin \u003c= 0.0.15 is vulnerable to Broken Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-35039",
"datePublished": "2023-12-07T11:27:16.116Z",
"dateReserved": "2023-06-12T09:05:49.595Z",
"dateUpdated": "2026-04-28T16:08:29.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}