[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMtn2jxZ2sIkn9s4G0liKIjFI2X6ylw9PtcgBMu1VshI":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":9,"research_verified":22,"research_rounds_completed":23,"research_plan":9,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":9,"research_started_at":9,"research_completed_at":9,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":22,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":22,"source_links":24},"CVE-2025-5305","password-reset-with-code-unauthenticated-privilege-escalation-via-weak-otp-codes","Password Reset with Code \u003C= 0.0.16 - Unauthenticated Privilege Escalation via Weak OTP Codes","The Password Reset with Code for WordPress REST API plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.0.16. This is due to the plugin not using cryptographically secure mechanisms for OTP generation This makes it possible for unauthenticated attackers to reset users, including administrators, passwords and leverage that to gain access to their accounts.","bdvs-password-reset",null,"\u003C=0.0.16","0.0.17","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Inadequate Encryption Strength","2025-08-28 00:00:00","2025-09-25 19:50:19",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2e84a1ca-fc82-46bc-a484-89f1235988e8?source=api-prod",29,[],false,0,{"type":25,"vulnerable_version":9,"fixed_version":9,"vulnerable_browse":9,"vulnerable_zip":9,"fixed_browse":9,"fixed_zip":9,"all_tags":26},"plugin","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fbdvs-password-reset\u002Ftags"]