CVE-2025-5305

Published: Sep 18, 2025

Modified: Sep 22, 2025

PUBLISHED

Description

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.

Vendor	Product	Versions
Unknown	Password Reset with Code for WordPress REST API	affected `0 - < 0.0.17`

References

https://wpscan.com/vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/

exploit

vdb-entry

technical-description

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-5305

Description

Affected Products

References