CVE-2023-4214

Name of the Vulnerable Software and Affected Versions AppPresser plugin for WordPress versions up to, and including 4.2.5

Description The issue allows for unauthorized password resets due to the plugin generating a weak reset code. The code used to reset the password has no attempt or time limit, making it susceptible to exploitation.

Recommendations For AppPresser plugin for WordPress versions up to, and including 4.2.5, update to a version later than 4.2.5 to resolve the issue. As a temporary workaround, consider restricting access to the password reset functionality until a patch is available.