{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-35039","assignerOrgId":"21595511-bba5-4825-b968-b78d1f9984a3","state":"PUBLISHED","assignerShortName":"Patchstack","dateReserved":"2023-06-12T09:05:49.595Z","datePublished":"2023-12-07T11:27:16.116Z","dateUpdated":"2026-04-28T16:08:29.143Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://wordpress.org/plugins","defaultStatus":"unaffected","packageName":"bdvs-password-reset","product":"Password Reset with Code for WordPress REST API","vendor":"Be Devious Web Development","versions":[{"changes":[{"at":"0.0.16","status":"unaffected"}],"lessThanOrEqual":"0.0.15","status":"affected","version":"n/a","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Jonas Höbenreich (Patchstack Alliance)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.<p>This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.</p>"}],"value":"Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15."}],"impacts":[{"capecId":"CAPEC-114","descriptions":[{"lang":"en","value":"CAPEC-114 Authentication Abuse"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-307","description":"CWE-307 Improper Restriction of Excessive Authentication Attempts","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"21595511-bba5-4825-b968-b78d1f9984a3","shortName":"Patchstack","dateUpdated":"2026-04-28T16:08:29.143Z"},"references":[{"tags":["vdb-entry"],"url":"https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update to 0.0.16 or a higher version."}],"value":"Update to 0.0.16 or a higher version."}],"source":{"discovery":"EXTERNAL"},"title":"WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T16:17:04.210Z"},"title":"CVE Program Container","references":[{"tags":["vdb-entry","x_transferred"],"url":"https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve"}]}]}}