Wiki.js · CVE-2024-45298
**Name of the Vulnerable Software and Affected Versions**
Wiki.js version 2.5.303
**Description**
A disabled user can still gain access to a wiki by abusing the password reset function: by requesting that their password be reset, the user bypasses the disabling of their account. The issue has been addressed in version 2.5.304.
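The class of flaw described above, as an added example that is not Wiki.js code: a reset flow that skips the account-state check (`enforce = false`) next to one that applies it both when the reset is requested and when the token is redeemed. The in-memory user store, the field names and the `enforce` switch are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample accounts; field names are hypothetical, not Wiki.js's schema.
function makeStore() {
  return new Map([
    ['alice@example.test', { isActive: true, resetToken: null, passwordHash: null }],
    ['bob@example.test', { isActive: true, resetToken: null, passwordHash: null }],
  ]);
}

// Admin action: disabling an account also revokes any outstanding reset token.
function disableUser(store, email) {
  const user = store.get(email);
  user.isActive = false;
  user.resetToken = null;
}

// Step 1 of the reset flow. enforce=false models a path that never looks at
// the account state; enforce=true is the hardened form.
function requestReset(store, email, enforce) {
  const user = store.get(email);
  if (!user) return null;
  if (enforce && !user.isActive) return null; // same answer as an unknown user
  user.resetToken = crypto.randomBytes(16).toString('hex');
  return user.resetToken; // would be e-mailed, never returned to the caller
}

// Step 2: redeem the token, set the new password and sign the user in.
function completeReset(store, token, newPassword, enforce) {
  if (typeof token !== 'string' || token.length === 0) return null;
  for (const [email, user] of store) {
    if (user.resetToken !== token) continue;
    user.resetToken = null; // single use
    if (enforce && !user.isActive) return null; // re-check at redemption time
    const salt = crypto.randomBytes(16);
    const hash = crypto.scryptSync(newPassword, salt, 32);
    user.passwordHash = salt.toString('hex') + ':' + hash.toString('hex');
    return { email, session: crypto.randomBytes(16).toString('hex') };
  }
  return null;
}
```

The redemption-time check matters because a token can be issued while the account is still active and used after it has been disabled.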
**Recommendations**
For Wiki.js version 2.5.303, upgrade to version 2.5.304 to resolve the issue. As a temporary workaround, consider disabling the password reset function until the upgrade is applied. Restrict access to the wiki for disabled users to minimize the risk of exploitation.