18 matches found
EUVD-2025-16545
Malicious code in bioql PyPI...
CVE-2025-7692
The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olws_handle_verify_phone function not utilizing a strong enough OTP value, exposing the hash needed to generate the OTP value, and no restrictions on t...
CVE-2025-7692 Orion Login with SMS <= 1.0.5 - Authentication Bypass via Weak OTP
The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olws_handle_verify_phone function not utilizing a strong enough OTP value, exposing the hash needed to generate the OTP value, and no restrictions on t...
CVE-2025-7692
The CVE-2025-7692 issue affects the WordPress Orion Login with SMS plugin (versions up to 1.0.5). The root cause is a weak OTP value in the olws_handle_verify_phone() function, which exposes the hash needed to generate the OTP and has no limits on login attempts. This enables unauthenticated atta...
CVE-2025-4607
The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customerregistration function. This is due to the use of a weak, low-entropy OTP mechanism in the forget function. This makes it possible for...
CVE-2025-4607
CVE-2025-4607 concerns the PSW Front-end Login & Registration plugin for WordPress (versions up to and including 1.12). The vulnerability arises from a weak, low-entropy OTP mechanism in the forget() function, enabling unauthenticated attackers to initiate a password reset for any user (including...
CVE-2025-1570
CVE-2025-1570 : Directorist – AI-Powered Business Directory Plugin for WordPress suffers privilege escalation via account takeover in all versions up to and including 8.1. The root cause is inadequate controls in directorist_generate_password_reset_pin_code() and reset_user_password() that permit...
CVE-2025-1570 Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings <= 8.1 - Privilege Escalation and Account Takeover via Weak OTP
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_reset_pin_code and reset_user_password functions...
CVE-2024-11178
The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the...
CVE-2024-11178
CVE-2024-11178 affects the WordPress Login With OTP plugin. Versions
CVE-2024-11178 Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP
The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the...
WordPress Login With OTP plugin <= 1.4.2 - Authentication Bypass via Weak OTP vulnerability
Authentication Bypass via Weak OTP vulnerability discovered by István Márton in WordPress Plugin Login With OTP versions <= 1.4.2...
CVE-2024-9302 App Builder – Create Native Android & iOS Apps On The Flight <= 5.3.7 - Privilege Escalation and Account Takeover via Weak OTP
The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.3.7. This is due to the verifyotpforgotpassword and updatepassword functions not having enough controls to preve...
CVE-2024-9305 AppPresser – Mobile App Framework <= 4.4.4 - Privilege Escalation and Account Takeover via Weak OTP
The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.4. This is due to the apppresetpassword and validateresetpassword functions not having enough controls to prevent a successful brute forc...
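Every entry in this list describes the same defect class: a one-time code drawn from a small space, in some cases with the material needed to derive it handed to the client, and a verification step that bounds neither the number of attempts nor the code's lifetime. Such a code is only as strong as the attacker's ability to guess it online, so an attempt limit and an expiry are part of the control, not optional hardening. The PHP below is an added illustration of that weak pattern next to a hardened one. It is not code from any plugin listed on this page; the function names, user-meta keys and transient keys are assumptions made for the example, and the WordPress helpers used (update_user_meta, get_user_meta, delete_user_meta, set_transient, get_transient, delete_transient, wp_hash_password, wp_check_password, MINUTE_IN_SECONDS) are standard core APIs.

```php
<?php
// Added illustration, not code from any plugin on this page.
// 'example_*' meta/transient keys and the function names are assumptions.

// --- Weak pattern: the shape the advisories above describe -------------------
// A short numeric code from a non-cryptographic generator, stored in the
// clear, returned to the caller, and compared with no attempt or time bound.
function example_weak_otp_issue( $user_id ) {
    $otp = (string) mt_rand( 1000, 9999 );             // 9,000 possible values
    update_user_meta( $user_id, 'example_otp', $otp ); // plaintext at rest
    return $otp;                                       // ends up in an HTTP response
}

function example_weak_otp_verify( $user_id, $submitted ) {
    $stored = get_user_meta( $user_id, 'example_otp', true );
    return $stored == $submitted;                      // unlimited guesses, never expires
}

// --- Hardened pattern -------------------------------------------------------
// CSPRNG, six digits, hashed at rest, five-minute lifetime, at most five
// verification attempts per issued code, single use.
function example_hardened_otp_issue( $user_id ) {
    $otp = str_pad( (string) random_int( 0, 999999 ), 6, '0', STR_PAD_LEFT ); // 10^6 values
    update_user_meta( $user_id, 'example_otp_hash', wp_hash_password( $otp ) );
    update_user_meta( $user_id, 'example_otp_expires', time() + 5 * MINUTE_IN_SECONDS );
    delete_transient( 'example_otp_attempts_' . $user_id );
    return $otp; // deliver out of band (SMS/e-mail); never echo it to the browser
}

function example_hardened_otp_verify( $user_id, $submitted ) {
    $key      = 'example_otp_attempts_' . $user_id;
    $attempts = (int) get_transient( $key );
    if ( $attempts >= 5 ) {
        return false; // locked out until the transient expires
    }
    // Count the attempt before checking, so a failed guess always costs one.
    set_transient( $key, $attempts + 1, 15 * MINUTE_IN_SECONDS );

    $hash    = get_user_meta( $user_id, 'example_otp_hash', true );
    $expires = (int) get_user_meta( $user_id, 'example_otp_expires', true );
    if ( ! $hash || time() > $expires ) {
        return false; // no code outstanding, or it has expired
    }
    if ( ! wp_check_password( (string) $submitted, $hash ) ) {
        return false;
    }
    // Correct code: invalidate it so it cannot be replayed.
    delete_user_meta( $user_id, 'example_otp_hash' );
    delete_user_meta( $user_id, 'example_otp_expires' );
    delete_transient( $key );
    return true;
}
```

With the weak variant an attacker who can call the verify endpoint freely needs at most 9,000 requests per account; with the hardened variant each issued code admits five guesses out of a million, so a single issuance succeeds with probability 5e-6. Because issuing a fresh code resets the attempt counter, the issue endpoint needs its own rate limit as well, otherwise an attacker cycles codes to buy more guesses. The per-user transient is a minimal lockout; a production deployment would also key on source IP and log lockouts for detection.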