CVE-2025-5305

Summary

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.

Affected Software

VendorProductVersion RangeStatus
UnknownPassword Reset with Code for WordPress REST API0 < 0.0.17affected

Weaknesses

  • CWE-326 Inadequate Encryption Strength

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References