Vulnerabilities and security researches forbdvs-password-reset bdvs-password-reset

Oct 11, 2025

CVE, Research URL: CVE-2025-5305
Home page URL: Security reports for Password Reset with Code for WordPress REST API
Application: Password Reset with Code for WordPress REST API
Date: Sep 18, 2025
Research Description: The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.
Affected versions: max 0.0.17.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2023-35039
Home page URL: Security reports for Password Reset with Code for WordPress REST API
Application: Password Reset with Code for WordPress REST API
Date: Dec 07, 2023
Research Description: Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.
Affected versions: max 0.0.16.
Status: vulnerable