PT-2025-40973 · WordPress · Wp Reset
Dmitry Ignatyev
·
Published
2025-10-07
·
Updated
2025-11-18
·
CVE-2025-10645
CVSS v3.1
5.3
Medium
| AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WP Reset versions prior to 2.06
Description
The WP Reset plugin for WordPress is susceptible to exposure of sensitive information in all versions up to and including 2.05. This occurs through the
WF Licensing::log() method when debugging is enabled by default. An unauthenticated attacker can potentially extract sensitive license key and site data.Recommendations
Update WP Reset to version 2.06 or later.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Reset