3 matches found
CVE-2023-2706
CVE-2023-2706 concerns the OTP Login Woocommerce & Gravity Forms plugin for WordPress. The vulnerability is an authentication bypass where OTP codes generated for login via phone numbers are returned in an AJAX response, enabling unauthenticated attackers to obtain administrator login codes if th...
CVE-2023-2706 OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...
WordPress OTP Login Woocommerce & Gravity Forms Plugin <= 2.2 is vulnerable to Privilege Escalation
Software OTP Login Woocommerce & Gravity Forms Type Plugin Vulnerable versions = 2.2 Fixed in 2.3 OWASP Top 10 A2: Broken Authentication Classification Privilege Escalation CVE CVE-2023-2706 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID cdf1600db409 Credits István Márton...