20 matches found
WordPress OTP Login With Phone Number, OTP Verification plugin 1.8.50-1.8.60 - Unauthenticated Authentication Bypass vulnerability
Unauthenticated Authentication Bypass vulnerability discovered by luckybuddy in WordPress Plugin Login with phone number versions 1.8.50-1.8.60...
CVE-2024-34371
Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through = 1.7.18...
EUVD-2024-34743
Malicious code in bioql PyPI...
CVE-2024-37429
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through = 1.7.35...
CVE-2024-31424
Cross-Site Request Forgery CSRF vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through = 1.6.93...
CVE-2024-6482
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwpupdatepasswordaction' function. This makes it possible for...
CVE-2024-6482 Login with phone number <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwpupdatepasswordaction' function. This makes it possible for...
PT-2024-37658 · WordPress · Login With Phone Number
Name of the Vulnerable Software and Affected Versions: Login with phone number plugin for WordPress versions up to, and including, 1.7.49 Description: The issue is due to a lack of validation and missing capability check on user-supplied data in the lwp update password action function. This allow...
CVE-2024-37429 WordPress Login with phone number plugin <= 1.7.35 - Admin+ Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Hamid Alinia – idehweb Login with phone number allows Stored XSS.This issue affects Login with phone number: from n/a through 1.7.35...
WordPress plugin Login with phone number 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-32507
Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through = 1.7.16...
CVE-2024-32507
CVE-2024-32507 corresponds to a Privilege Escalation in the WordPress plugin “Login with phone number” (Hamid Alinia – idehweb). The issue is described as improper privilege management that enables privilege escalation via the Login with phone number feature for versions affected up to 1.7.16. Pu...
CVE-2024-34371
Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through = 1.7.18...
CVE-2024-34371
CVE-2024-34371 : A Missing Authorization vulnerability affects the WordPress plugin Login with phone number (login-with-phone-number) , reported for versions from n/a up to and including 1.7.18 . The Red Hat and CVE records confirm an unauthorized access issue within this plugin. The entry notes ...
WordPress Login with phone number Plugin <= 1.6.93 is vulnerable to Cross Site Request Forgery (CSRF)
Software Login with phone number Type Plugin Vulnerable versions = 1.6.93 Fixed in 1.6.94 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2024-31424 Patch priority Low CVSS severity Low 8.8 Developer Hamid Alinia PSID 32dbb4921861 Credits Majed...
CVE-2022-0598
The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0598 Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS
The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0593
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation...
Authorization
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation...
CVE-2022-0593
The CVE-2022-0593 is linked to the WordPress plugin “Login with phone number” prior to version 1.3.7, where delete.php contains no authentication/authorization checks. This allows an unauthenticated remote attacker to delete plugin files, potentially causing DoS. Affected component: delete.php in...