9.8
CVE-2023-4214
- EPSS 0.29%
- Veröffentlicht 18.11.2023 02:15:49
- Zuletzt bearbeitet 21.11.2024 08:34:38
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginAppPresser <= 4.2.5 - Insecure Password Reset Mechanism
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.
Mögliche Gegenmaßnahme
AppPresser – Mobile App Framework: Update to version 4.3.0, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
AppPresser – Mobile App Framework
Version
* - 4.2.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apppresser ≫ Apppresser SwPlatformwordpress Version < 4.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.521 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.