9.8
CVE-2023-4214
- EPSS 0.3%
- Veröffentlicht 18.11.2023 02:15:49
- Zuletzt bearbeitet 08.04.2026 18:18:13
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginAppPresser <= 4.2.5 - Insecure Password Reset Mechanism
The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.
Mögliche Gegenmaßnahme
AppPresser – Mobile App Framework: Update to version 4.3.0, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
AppPresser – Mobile App Framework
Version
*-4.2.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apppresser ≫ Apppresser SwPlatformwordpress Version < 4.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.532 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| security@wordfence.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-620 Unverified Password Change
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
CWE-640 Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.