9 matches found
CVE-2023-23492
The Login with Phone Number WordPress Plugin, version 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwpforgotpassword' action...
WordPress Login with phone number plugin <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation vulnerability
Authenticated Subscriber+ Authorization Bypass to Privilege Escalation vulnerability discovered by Thanh Nam Tran in WordPress Plugin Login with phone number versions = 1.7.49...
WordPress plugin Login with phone number security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2024-5150 Login with phone number <= 1.7.26 - Authentication Bypass due to Missing Empty Value Check
The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the 'activationcode' default value is empty, and the not empty check is missing in the 'lwpajaxregister' function. This makes it possible for...
CVE-2024-32507 WordPress Login with phone number plugin <= 1.7.16 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through = 1.7.16...
CVE-2024-34371 WordPress Login with phone number plugin <= 1.7.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through = 1.7.18...
WordPress Login with phone number plugin <= 1.7.16 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Emili Castells Patchstack Alliance in WordPress Plugin Login with phone number versions = 1.7.16...
WordPress Login with Phone Number plugin <= 1.6.93 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Majed Refaea Patchstack Alliance in WordPress Plugin Login with phone number versions = 1.6.93...
CVE-2023-23492
The Login with Phone Number WordPress Plugin, version 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwpforgotpassword' action...