CVE-2023-7264

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-640
View all →

Vulnerability Description

The Build App Online plugin for WordPress is vulnerable to account takeover due to a weak password reset mechanism in all versions up to, and including, 1.0.21. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing an 4-digit numeric reset code.

Related Vulnerabilities

CVE-2012-5618

CRITICAL
CVSS:9.8(Critical)

Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.

CWE-6402012

CVE-2012-5686

CRITICAL
CVSS:9.8(Critical)

ZPanel 10.0.1 has insufficient entropy for its password reset process.

CWE-6402012

CVE-2015-4689

CRITICAL
CVSS:9.8(Critical)

Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset."

CWE-6402015

CVE-2015-5172

CRITICAL
CVSS:9.8(Critical)

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire p...

CWE-6402015

CVE-2017-17097

CRITICAL
CVSS:9.8(Critical)

gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-...

CWE-6402017

CVE-2017-2766

CRITICAL
CVSS:9.8(Critical)

EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified pass...

CWE-6402017