Lucene search
TenableCVE-2023-23492HistoryJan 20, 2023 - 7:15 p.m.
CVE-2023-23492
2023-01-2019:15:18
CWE-89
tenable
web.nvd.nist.gov
34
cve-2023-23492
wordpress plugin
sql injection
nvd
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.059
Percentile
93.6%
The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the ‘ID’ parameter of its ‘lwp_forgot_password’ action.
Affected configurations
Node
idehweblogin_with_phone_numberRange<1.4.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| idehweb | login_with_phone_number | * | cpe:2.3:a:idehweb:login_with_phone_number:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "n/a",
"product": "Login with Phone Number WordPress Plugin",
"versions": [
{
"version": "< 1.4.2",
"status": "affected"
}
]
}
]Related
prion
prion
Sql injection
2023-01-20 19:15:00
nvd
nvd
CVE-2023-23492
2023-01-20 19:15:18
cvelist
cvelist
CVE-2023-23492
2023-01-20 00:00:00
nuclei
nuclei
Login with Phone Number - Cross-Site Scripting
2023-03-05 13:42:10
openvas
openvas
WordPress Login with Phone Number Plugin < 1.4.2 XSS Vulnerability
2023-08-28 00:00:00
wpvulndb
wpvulndb
Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting
2023-01-12 00:00:00
wpexploit
wpexploit
Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting
2023-01-12 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.059
Percentile
93.6%
Related for CVE-2023-23492