Lucene search
CVE-2023-23492
The Login with Phone Number WordPress Plugin, v<1.4.2, has authenticated SQL injection
Show more
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | Sql injection | 20 Jan 202319:15 | – | prion |
 | WordPress Login with phone number Plugin < 1.4.2 is vulnerable to Cross Site Scripting (XSS) | 20 Jan 202300:00 | – | patchstack |
 | CVE-2023-23492 | 20 Jan 202319:15 | – | nvd |
 | CVE-2023-23492 | 20 Jan 202300:00 | – | cvelist |
 | Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting | 12 Jan 202300:00 | – | wpvulndb |
 | Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting | 12 Jan 202300:00 | – | wpexploit |
 | Login with Phone Number - Cross-Site Scripting | 5 Mar 202313:42 | – | nuclei |
 | WordPress Login with Phone Number Plugin < 1.4.2 XSS Vulnerability | 28 Aug 202300:00 | – | openvas |
Node
[
{
"vendor": "n/a",
"product": "Login with Phone Number WordPress Plugin",
"versions": [
{
"version": "< 1.4.2",
"status": "affected"
}
]
}
]| Source | Link |
|---|---|
| tenable | www.tenable.com/security/research/tra-2023-3 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| ID | query param | /wp-admin/admin-ajax.php | Reflected Cross-Site Scripting vulnerability due to lack of sanitization and escaping of the ID parameter. | CWE-89 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo20 Jan 2023 19:15Current
8.8High risk
Vulners AI Score8.8
CVSS38.8
EPSS0.07447