Vulnerabilities > Weak Password Recovery Mechanism for Forgotten Password
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-19 | CVE-2024-12295 | The BoomBox Theme Extensions plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.8.0. | 8.8 |
| 2025-02-28 | CVE-2025-1570 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wpwax Directorist The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. | 9.8 |
| 2025-01-08 | CVE-2024-11350 | The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. | 9.8 |
| 2024-11-14 | CVE-2024-45670 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Soar IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. | 8.1 |
| 2024-10-25 | CVE-2024-48428 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Olivegroup Olivevle An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function. | 9.8 |
| 2024-10-25 | CVE-2024-9302 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Appcheap APP Builder The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. | 9.8 |
| 2024-10-16 | CVE-2024-9305 | The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. | 8.1 |
| 2024-09-25 | CVE-2024-8878 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Riello-Ups Netman 204 Firmware 02.05 The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05. | 9.8 |
| 2024-09-11 | CVE-2024-8692 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tduckcloud Tduckpro A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. | 9.8 |
| 2024-08-06 | CVE-2024-6203 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Haloservicesolutions Haloitsm HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. | 8.1 |