The Password Reset with Code for WordPress REST API WordPress plugin before 0.0.17 does not use cryptographically sound algorithms to generate OTP codes, potentially leading to account takeovers.

Credits
Tommaso Gregori (p1s1o)
WPScan

References
https://wpscan.com/vulnerability/dcf5c003-91b0-4e7d-89f3-7459d8f01153/
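
For the weakness class described in this advisory, the following added PHP example (not the plugin's code, and not taken from the advisory) contrasts a non-cryptographic code generator with one backed by the OS CSPRNG. The use of mt_rand() as the weak generator, all function names, and the demo key are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code; all function names are hypothetical.
// Weak pattern (assumed for illustration): mt_rand() is a Mersenne Twister,
// fully determined by its seed, and is not a CSPRNG.
function weak_reset_code(int $digits = 6): string
{
    $code = '';
    for ($i = 0; $i < $digits; $i++) {
        $code .= mt_rand(0, 9);
    }
    return $code;
}

// Hardened: random_int() reads the operating system CSPRNG and is unbiased.
function secure_reset_code(int $digits = 8): string
{
    $code = '';
    for ($i = 0; $i < $digits; $i++) {
        $code .= random_int(0, 9);
    }
    return $code;
}

// Keep only a keyed hash and an expiry server-side; the code itself goes to the user.
function issue_reset_code(string $serverKey, int $ttlSeconds = 900): array
{
    $code = secure_reset_code();
    return [
        'code'    => $code,
        'hash'    => hash_hmac('sha256', $code, $serverKey),
        'expires' => time() + $ttlSeconds,
    ];
}

// Reject expired codes and compare in constant time.
function verify_reset_code(string $submitted, array $record, string $serverKey): bool
{
    if (time() > $record['expires']) {
        return false;
    }
    return hash_equals($record['hash'], hash_hmac('sha256', $submitted, $serverKey));
}

// Constructed demo: the same seed reproduces the same weak code.
mt_srand(1234); $first = weak_reset_code();
mt_srand(1234); $second = weak_reset_code();
var_dump($first === $second);
$record = issue_reset_code('constructed-demo-key');
var_dump(verify_reset_code($record['code'], $record, 'constructed-demo-key'));
```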