Overview
- Description
- Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.
- Source
- audit@patchstack.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- audit@patchstack.com
- CWE-307
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bedevious:password_reset_with_code_for_wordpress_rest_api:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "0EC5E2E4-D488-448D-8114-3D69166960EE",
"versionEndExcluding": "0.0.16"
}
],
"operator": "OR"
}
]
}
]