PT-2025-49779 · Wbce Cms · Wbce Cms

Published: 2025-12-09 · Updated: 2025-12-09 · CVE-2025-67504

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WBCE CMS versions 1.6.4 and below

Description: WBCE CMS uses the GenerateRandomPassword() function to create passwords using PHP's rand(). The rand() function is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets.

Recommendations: Update WBCE CMS to version 1.6.5.
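
The weakness described above, shown as an added PHP example (this is not WBCE CMS source code and not the 1.6.5 patch): a password generator built on rand() beside one built on random_int(). The function names, the alphabet and the seed value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Illustrative helpers with assumed names; not WBCE CMS source code.
const ALPHABET = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

// Insecure pattern: rand() is a seeded, non-cryptographic PRNG, so every
// character drawn from it is a deterministic function of generator state.
function weak_password(int $length = 12): string
{
    $max = strlen(ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= ALPHABET[rand(0, $max)];
    }
    return $out;
}

// Hardened pattern: random_int() draws from the operating system CSPRNG
// and returns uniformly distributed integers in the requested range.
function secure_password(int $length = 16): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('Length must be positive.');
    }
    $max = strlen(ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= ALPHABET[random_int(0, $max)];
    }
    return $out;
}

// Re-seed the weak generator with the same constructed value twice and
// compare the two passwords it produces.
srand(20251209);
$first = weak_password();
srand(20251209);
$second = weak_password();
echo 'weak, same seed, equal: ', var_export($first === $second, true), PHP_EOL;

// random_int() has no user-controllable seed, so there is no state to replay.
echo 'secure sample: ', secure_password(), PHP_EOL;
```

When auditing a PHP code base for the same class of flaw, calls to rand(), mt_rand() or uniqid() that feed passwords, reset tokens or session identifiers are the places to replace with random_int() or random_bytes().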

Exploit

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2025-67504
GHSA-76GJ-PMVX-JCC6

Affected Products

Wbce Cms