CVE-2020-28642

Name of the Vulnerable Software and Affected Versions InfiniteWP Admin Panel versions prior to 3.1.12.3

Description The issue allows remote attackers to conduct admin Account Takeover attacks due to a weak password-reset code generated by the resetPasswordSendMail function. This makes it easier for attackers to gain unauthorized access to admin accounts.

Recommendations For versions prior to 3.1.12.3, update to version 3.1.12.3 or later to resolve the issue. As a temporary workaround, consider disabling the resetPasswordSendMail function until a patch is available. Restrict access to admin accounts to minimize the risk of exploitation.