In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.Referenceshttps://www.wowonder.comhttps://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200https://www.exploit-db.com/exploits/49989
