## https://sploitus.com/exploit?id=WPEX-ID:C142E738-BC4B-4058-A03E-1BE6FCA47207
The password reset key is checked against the stored password recovery key, but it is first run through "sanitize_text_field". This gives us a bypass: we can pass the key as something we know the sanitize function will strip, such as the tag <a>. The raw value gets us past the empty() checks, and the DB is then checked for an empty string. The match will usually be the first user, with ID 1, which is the admin, so if their password recovery key is empty we can change their password to our desired password with just the URL http://localhost/rr/?key=<a>

1. Visit the password reset page of the plugin (i.e. where the [wppb-recover-password] shortcode is embedded).
2. Add this to the URL: "?key=<a>"
   The sanitization function will strip the HTML, but the value still passes the empty() check because the variable contains something.
3. Enter the password twice in the password reset form and submit; this will reset the admin password to the password you entered.
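
The check-order flaw described above, as an added example that is not the plugin's code: a stand-alone PHP model in which `demo_sanitize_text_field` is a simplified stand-in for WordPress's `sanitize_text_field`, and the user records, key values and function names are constructed for illustration. It places a lookup that validates before sanitizing beside a corrected one that sanitizes first, rejects an empty result and never matches an empty stored key.

```php
<?php
// Added illustration; not the plugin's code. All names and data are constructed.

// Simplified stand-in for WordPress's sanitize_text_field(): strip tags, collapse whitespace.
function demo_sanitize_text_field(string $s): string {
    return trim(preg_replace('/\s+/', ' ', strip_tags($s)));
}

// Constructed user table: the admin has no pending reset, so the stored key is ''.
$users = [
    ['ID' => 1, 'login' => 'admin', 'recovery_key' => ''],
    ['ID' => 2, 'login' => 'alice', 'recovery_key' => 'constructed-key-for-alice'],
];

// Flawed order: empty() runs on the raw value, the lookup uses the sanitized one.
function lookup_check_then_sanitize(array $users, array $query): ?array {
    if (empty($query['key'])) {
        return null;
    }
    $key = demo_sanitize_text_field($query['key']); // "<a>" becomes ""
    foreach ($users as $u) {
        if ($u['recovery_key'] === $key) {          // "" matches any user without a pending reset
            return $u;
        }
    }
    return null;
}

// Corrected order: sanitize first, reject an empty result, never match an empty stored key.
function lookup_sanitize_then_check(array $users, array $query): ?array {
    $raw = $query['key'] ?? '';
    $key = is_string($raw) ? demo_sanitize_text_field($raw) : '';
    if ($key === '') {
        return null;
    }
    foreach ($users as $u) {
        if ($u['recovery_key'] !== '' && hash_equals($u['recovery_key'], $key)) {
            return $u;
        }
    }
    return null;
}

// Run both lookups over a stripped tag, a valid key and a wrong key.
foreach (['<a>', 'constructed-key-for-alice', 'wrong-key'] as $k) {
    $a = lookup_check_then_sanitize($users, ['key' => $k]);
    $b = lookup_sanitize_then_check($users, ['key' => $k]);
    printf("%-28s flawed: %-6s corrected: %s\n", $k, $a['login'] ?? 'reject', $b['login'] ?? 'reject');
}
```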