CVE-2023-35039 – WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication

https://notcve.org/view.php?id=CVE-2023-35039

14 Aug 2023 — Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15. La vulnerabilidad de restricción inadecuada de intentos de autenticación excesivos en Be Devious Web Development Password Reset with Code para la API REST de WordPress permite el abuso de autenticación. Este problema afecta el restablecimien... • https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-640: Weak Password Recovery Mechanism for Forgotten Password •