CVE-2026-3655

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

CVE-2026-3655

The CVE-2026-3655 entry describes an authentication bypass in the WordPress plugin “OTP Login With Phone Number, OTP Verification” versions 1.8.50–1.8.60. The root cause is a Firebase verification flow in the lwp_ajax_register AJAX handler that does not bind the Firebase session to the submitted ...

EUVD-2024-52417

Malicious code in bioql PyPI...

CVE-2025-7665

The CVE-2025-7665 entry concerns Miniorange OTP Verification with Firebase for WordPress, affecting versions 3.1.0–3.6.2. A missing capability check in the handle_mofirebase_form_options function enables unauthenticated privilege escalation to Administrator. Exploitation is described as requiring...

CVE-2024-54294

Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through = 1.0.1...

CVE-2024-54294

Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through = 1.0.1...

CVE-2024-54294 WordPress Firebase OTP Authentication plugin <= 1.0.1 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech Firebase OTP Authentication allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through 1.0.1...

CVE-2024-54294

CVE-2024-54294 affects Firebase OTP Authentication (Firebase OTP Authentication plugin) by appgenixinfotech. Root cause: Missing Authorization to Privilege Escalation, enabling authentication bypass via an alternate path/channel. Impact: total compromise of confidentiality, integrity, and availab...

CVE-2024-54294 WordPress Firebase OTP Authentication plugin <= 1.0.1 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through = 1.0.1...

WordPress plugin Firebase OTP Authentication 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...