3 matches found
WordPress Login with phone number Plugin <= 1.7.49 is vulnerable to Privilege Escalation
Software: Login with phone number
Type: Plugin
Vulnerable versions: <= 1.7.49
Fixed in: 1.7.50
OWASP Top 10: A1: Broken Access Control
Classification: Privilege Escalation
CVE: CVE-2024-6482
Patch priority: High
CVSS severity: High 8.8
Developer: Hamid Alinia
PSID: 2e6bc4e24930
Credits: Thanh Nam Tran
Require...
CVE-2024-6482
creationtimestamp| type| source
---|---|---
2024-09-14 15:41:35+00:00| seen| https://t.me/cvedetector/5673...
CVE-2024-6482 Login with phone number <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwpupdatepasswordaction' function. This makes it possible for...