Password Recovery Plugin
Approved changes feed: RSS · Atom
cpe:2.3:a:alfnru:password_recovery_plugin:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Alfnru (2b283b01-d673-58ea-8bb3-1664731e0422) |
|---|---|
| Product | Password Recovery Plugin (981de856-69c6-5921-855e-59268b2f4f65) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-3222 |
vulnerable | 2026-06-08 06:09:38.875088 |
Vulnerability in the password recovery mechanism of Roundcube Password Recovery Plugin
HIGH (7.5)
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.
Published: 2023-09-04T12:49:47.169Z
Updated: 2024-09-30T18:46:16.475Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3221 |
vulnerable | 2026-06-08 06:09:38.873843 |
User enumeration vulnerability in Roundcube Password Recovery Plugin
MEDIUM (5.3)
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database.
Published: 2023-09-04T12:31:30.699Z
Updated: 2024-09-30T18:47:09.349Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.