25 matches found
WordPress Login with phone number plugin missing authorization vulnerability
WordPress Login with phone number plugin is a plugin for implementing cell phone verification code login, support WordPress and WooCommerce platform, users can be authenticated by cell phone SMS or WhatsApp. The WordPress Login with phone number plugin suffers from a lack of authorization...
CVE-2024-32832 WordPress Login with Phone Number plugin <= 1.6.93 - Broken Access Control vulnerability
Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through = 1.6.93...
WordPress plugin Login with phone number 安全漏洞
WordPress Login with phone number plugin is a plugin for implementing cell phone verification code login, support WordPress and WooCommerce platform, users can be authenticated by cell phone SMS or WhatsApp. The WordPress Login with phone number plugin suffers from a lack of authorization...
CVE-2024-32507
Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through = 1.7.16...
CVE-2024-6482
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwpupdatepasswordaction' function. This makes it possible for...
CVE-2024-12857
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as an...
PT-2024-27545 · Hamid Alinia · Idehweb
Name of the Vulnerable Software and Affected Versions: Hamid Alinia – idehweb versions 1.7.35 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in the Login with phone...
WordPress Login with phone number plugin <= 1.7.35 - Admin+ Cross Site Scripting (XSS) vulnerability
Admin+ Cross Site Scripting XSS vulnerability discovered by LuxF0z Patchstack Alliance in WordPress Plugin Login with phone number versions = 1.7.35...
WordPress Login with phone number Plugin <= 1.7.35 is vulnerable to Cross Site Scripting (XSS)
Software Login with phone number Type Plugin Vulnerable versions = 1.7.35 Fixed in 1.7.36 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37429 Patch priority Low CVSS severity Low 5.9 Developer Hamid Alinia PSID f9a0d58ebaa8 Credits LuxF0z Required privilege...
CVE-2024-6125
The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for...
WordPress Login with phone number plugin <= 1.7.34 - Insecure Password Reset Mechanism vulnerability
Insecure Password Reset Mechanism vulnerability discovered by István Márton in WordPress Plugin Login with phone number versions = 1.7.34...
WordPress Login with phone number plugin <= 1.7.26 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin Login with phone number versions = 1.7.26...
WordPress plugin Login with phone number 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Login with phone number Plugin <= 1.7.18 is vulnerable to Broken Access Control
Software Login with phone number Type Plugin Vulnerable versions = 1.7.18 Fixed in 1.7.20 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34371 Patch priority Low CVSS severity Low 4.3 Developer Hamid Alinia PSID 42d051f8202b Credits Dhabaleshwar Das...
Login with phone number < 1.7.17 - Unauthorized Account Password Change to Privilege Escalation
Description The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.16. This is due to the plugin not properly verifying the identity of a user who is trying to reset a password. This makes it possible for authenticated...
WordPress Plugin Login with phone number 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
The vulnerability of the lwp_forgot_password function in the “Login with Phone Number” plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the lwpforgotpassword function in the “Login with Phone Number” plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remote...
PT-2023-20921 · WordPress · Otp Login Woocommerce & Gravity Forms
Name of the Vulnerable Software and Affected Versions: OTP Login Woocommerce & Gravity Forms plugin for WordPress affected versions not specified Description: The OTP Login Woocommerce & Gravity Forms plugin for WordPress has an issue that allows authentication bypass. This happens because the...
Login Bypass Vulnerability in Xianqi Kindergarten Online Management System
Xianqi Kindergarten Online Management System is a professional and easy-to-use kindergarten online management system that supports real-time synchronization of data between smartphone APP and computer. There is a login bypass vulnerability, which can be exploited by attackers to login the system...
Jiaxing Public Security App Has Arbitrary Account Login Vulnerability
Jiaxing Public Security APP is a convenient mobile application for local people in Jiaxing to find local services, mainly including motor vehicle violation inquiry, immigration office appointment, police news, security, police map, law enforcement public and other functional services. Jiaxing...