CVE-2023-35039 CRITICAL

CVE-2023-35039: WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication

Vendor Be Devious Web Development

Product Password Reset with Code for WordPress REST API

Weakness CWE-307 · Brute force

Published December 7, 2023

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.

Key dates

02Disclosure timeline

December 7, 2023 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-35039 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/307.html

Related vulnerabilities

Identifiers

CVE CVE-2023-35039

CWE CWE-307

CVSS 9.8 / CRITICAL

Affected versions