Lucene search
+L

25 matches found

CNVD
CNVD
added 2025/09/02 12:0 a.m.4 views

WordPress Login with phone number plugin missing authorization vulnerability

WordPress Login with phone number plugin is a plugin for implementing cell phone verification code login, support WordPress and WooCommerce platform, users can be authenticated by cell phone SMS or WhatsApp. The WordPress Login with phone number plugin suffers from a lack of authorization...

9.8CVSS6.9AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/31 3:47 a.m.12 views

CVE-2024-32832 WordPress Login with Phone Number plugin <= 1.6.93 - Broken Access Control vulnerability

Missing Authorization vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through = 1.6.93...

9.8CVSS0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/31 12:0 a.m.5 views

WordPress plugin Login with phone number 安全漏洞

WordPress Login with phone number plugin is a plugin for implementing cell phone verification code login, support WordPress and WooCommerce platform, users can be authenticated by cell phone SMS or WhatsApp. The WordPress Login with phone number plugin suffers from a lack of authorization...

9.8CVSS6.8AI score0.00339EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 7:5 a.m.5 views

CVE-2024-32507

Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through = 1.7.16...

8.8CVSS5.9AI score0.00461EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:54 a.m.10 views

CVE-2024-6482

The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwpupdatepasswordaction' function. This makes it possible for...

8.8CVSS6.8AI score0.00485EPSS
Exploits0References1
OSV
OSV
added 2025/01/22 7:15 a.m.5 views

CVE-2024-12857

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as an...

9.8CVSS7.5AI score0.00719EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.7 views

PT-2024-27545 · Hamid Alinia · Idehweb

Name of the Vulnerable Software and Affected Versions: Hamid Alinia – idehweb versions 1.7.35 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS in the Login with phone...

5.9CVSS5.6AI score0.00263EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/06/28 8:50 a.m.7 views

WordPress Login with phone number plugin <= 1.7.35 - Admin+ Cross Site Scripting (XSS) vulnerability

Admin+ Cross Site Scripting XSS vulnerability discovered by LuxF0z Patchstack Alliance in WordPress Plugin Login with phone number versions = 1.7.35...

5.9CVSS6.1AI score0.00263EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/28 12:0 a.m.12 views

WordPress Login with phone number Plugin <= 1.7.35 is vulnerable to Cross Site Scripting (XSS)

Software Login with phone number Type Plugin Vulnerable versions = 1.7.35 Fixed in 1.7.36 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37429 Patch priority Low CVSS severity Low 5.9 Developer Hamid Alinia PSID f9a0d58ebaa8 Credits LuxF0z Required privilege...

5.9CVSS6.6AI score0.00263EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/06/19 2:15 a.m.26 views

CVE-2024-6125

The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for...

8.1CVSS0.00458EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/18 5:53 p.m.4 views

WordPress Login with phone number plugin <= 1.7.34 - Insecure Password Reset Mechanism vulnerability

Insecure Password Reset Mechanism vulnerability discovered by István Márton in WordPress Plugin Login with phone number versions = 1.7.34...

8.1CVSS7AI score0.00458EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/28 2:1 p.m.8 views

WordPress Login with phone number plugin <= 1.7.26 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin Login with phone number versions = 1.7.26...

9.8CVSS7AI score0.00804EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/05/17 12:0 a.m.3 views

WordPress plugin Login with phone number 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

8.8CVSS6.4AI score0.00461EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/05/03 12:0 a.m.15 views

WordPress Login with phone number Plugin <= 1.7.18 is vulnerable to Broken Access Control

Software Login with phone number Type Plugin Vulnerable versions = 1.7.18 Fixed in 1.7.20 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-34371 Patch priority Low CVSS severity Low 4.3 Developer Hamid Alinia PSID 42d051f8202b Credits Dhabaleshwar Das...

4.3CVSS6.6AI score0.00396EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/25 12:0 a.m.12 views

Login with phone number < 1.7.17 - Unauthorized Account Password Change to Privilege Escalation

Description The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.16. This is due to the plugin not properly verifying the identity of a user who is trying to reset a password. This makes it possible for authenticated...

8.8CVSS9.5AI score0.00461EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.3 views

WordPress Plugin Login with phone number 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS6.4AI score0.0031EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/10/30 12:0 a.m.7 views

The vulnerability of the lwp_forgot_password function in the “Login with Phone Number” plugin of the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the lwpforgotpassword function in the “Login with Phone Number” plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remote...

10CVSS8.1AI score0.57123EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/17 12:0 a.m.7 views

PT-2023-20921 · WordPress · Otp Login Woocommerce & Gravity Forms

Name of the Vulnerable Software and Affected Versions: OTP Login Woocommerce & Gravity Forms plugin for WordPress affected versions not specified Description: The OTP Login Woocommerce & Gravity Forms plugin for WordPress has an issue that allows authentication bypass. This happens because the...

8.1CVSS8.9AI score0.0172EPSS
Exploits0References9
CNVD
CNVD
added 2019/09/27 12:0 a.m.3 views

Login Bypass Vulnerability in Xianqi Kindergarten Online Management System

Xianqi Kindergarten Online Management System is a professional and easy-to-use kindergarten online management system that supports real-time synchronization of data between smartphone APP and computer. There is a login bypass vulnerability, which can be exploited by attackers to login the system...

6.9AI score
Exploits0
CNVD
CNVD
added 2017/08/22 12:0 a.m.3 views

Jiaxing Public Security App Has Arbitrary Account Login Vulnerability

Jiaxing Public Security APP is a convenient mobile application for local people in Jiaxing to find local services, mainly including motor vehicle violation inquiry, immigration office appointment, police news, security, police map, law enforcement public and other functional services. Jiaxing...

6.5AI score
Exploits0
Rows per page
Query Builder