CVE-2023-4214

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-640
View all →

Vulnerability Description

The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.

Related Vulnerabilities

CVE-2012-5618

CRITICAL
CVSS:9.8(Critical)

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.

CWE-6402012

CVE-2012-5686

CRITICAL
CVSS:9.8(Critical)

ZPanel 10.0.1 has insufficient entropy for its password reset process.

CWE-6402012

CVE-2015-4689

CRITICAL
CVSS:9.8(Critical)

Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset."

CWE-6402015

CVE-2015-5172

CRITICAL
CVSS:9.8(Critical)

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire p...

CWE-6402015

CVE-2017-17097

CRITICAL
CVSS:9.8(Critical)

gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-...

CWE-6402017

CVE-2017-2766

CRITICAL
CVSS:9.8(Critical)

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified pass...

CWE-6402017