Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-8m7x-j95v-2ydu
Summary The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 6-digit numeric reset code.
Aliases
0
alias CVE-2024-6125
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-6125
reference_id
reference_type
scores
0
value 0.01143
scoring_system epss
scoring_elements 0.7885
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-6125
1
reference_url https://www.wordfence.com/threat-intel/vulnerabilities/id/301a67a5-226c-413a-9198-66747d1b1fd3?source=cve
reference_id 301a67a5-226c-413a-9198-66747d1b1fd3?source=cve
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-21T16:52:43Z/
url https://www.wordfence.com/threat-intel/vulnerabilities/id/301a67a5-226c-413a-9198-66747d1b1fd3?source=cve
2
reference_url https://plugins.trac.wordpress.org/changeset/3104085/login-with-phone-number#file5
reference_id login-with-phone-number#file5
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-21T16:52:43Z/
url https://plugins.trac.wordpress.org/changeset/3104085/login-with-phone-number#file5
Weaknesses
0
cwe_id 640
name Weak Password Recovery Mechanism for Forgotten Password
description The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
Exploits
Severity_range_score 8.1 - 8.1
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8m7x-j95v-2ydu