3 matches found
CVE-2023-4916
The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwpupdatepasswordaction' function. This makes it possible for unauthenticated attackers to change user password via...
CVE-2023-4916
CVE-2023-4916 affects the WordPress plugin Login with phone number . The root cause is missing nonce validation in the function lwp_update_password_action , enabling CSRF that allows unauthenticated attackers to change a user’s password if they can coerce an administrator into performing an actio...
CVE-2023-4916 Login with phone number <= 1.5.6 - Cross-Site Request Forgery to User Password Change
The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwpupdatepasswordaction' function. This makes it possible for unauthenticated attackers to change user password via...