Primary

Context

SOPlanning Predictable Password Recovery Token Generation Vulnerability

Vulnerability

Patched

A vulnerability exists in SOPlanning prior to version 1.55, allowing for predictable generation of password recovery tokens. This weakness enables attackers to brute-force recovery tokens and take over accounts within a reasonable timeframe.

Impact

Exploitation of this vulnerability allows for account takeover by brute-forcing password recovery tokens.

Added: Nov 20, 2025, 4:22 PM

Updated: Nov 20, 2025, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

4.7

remediation

7.7

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SOPlanning Predictable Password Recovery Token Generation Vulnerability

Vulnerability

Impact

Affected Products

SOPlanning

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating