1 results (0.001 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-7264 – Build App Online <= 1.0.21 - Account Takeover via Weak Password Reset Mechanism

https://notcve.org/view.php?id=CVE-2023-7264

27 Dec 2023 — The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code. El complemento Build App Online para WordPress es vulnerable a la apropiación de cuentas debido a un mecanismo débil de restablecimiento de contraseña en todas las versiones hasta la 1.0.21 incluida. Esto hace posi... • https://plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.php#L3688 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •