Lucene search
HistoryJan 20, 2023 - 7:15 p.m.
CVE-2023-23492
wordpress
sql injection
cve-2023-23492
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.062 Low
EPSS
Percentile
93.6%
The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the ‘ID’ parameter of its ‘lwp_forgot_password’ action.
Affected configurations
Node
idehweblogin_with_phone_numberRange<1.4.2wordpress
Related
cve
cve
CVE-2023-23492
2023-01-20 19:15:18
nuclei
nuclei
Login with Phone Number - Cross-Site Scripting
2023-03-05 13:42:10
wpvulndb
wpvulndb
Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting
2023-01-12 00:00:00
openvas
openvas
WordPress Login with Phone Number Plugin < 1.4.2 XSS Vulnerability
2023-08-28 00:00:00
wpexploit
wpexploit
Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting
2023-01-12 00:00:00
cvelist
cvelist
CVE-2023-23492
2023-01-20 00:00:00
prion
prion
Sql injection
2023-01-20 19:15:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.062 Low
EPSS
Percentile
93.6%
Related for NVD:CVE-2023-23492