3 matches found
CVE-2025-3746
The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user's identity prior to updating their details, like email. This makes it possible for unauthenticated...
CVE-2025-3746 OTP-less one tap Sign in 2.0.14 - 2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation
The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user's identity prior to updating their details, like email. This makes it possible for unauthenticated...
WordPress OTP-less one tap Sign in plugin 2.0.14-2.0.59 - Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation vulnerability
Unauthenticated Arbitrary Email Update to Account Takeover/Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin OTP-less one tap Sign in versions 2.0.14-2.0.59...