CVE-2025-5305CRITICAL 9.8EPSS p12.2%

CVE-2025-5305CVE-2025-5305

Description

The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.22% probability of exploitation · percentile 12.2% · 2026-06-19T12:03:05Z
Published2025-09-18
Last modified2026-04-15

References

  1. https://wpscan.com/vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/
  2. https://wpscan.com/vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-15030
CVE
CVE-2025-3746
CVE
CVE-2025-12374
CVE
CVE-2025-14975
CVE
CVE-2025-14002
CVE
CVE-2025-9967
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.