2 matches found
CVE-2025-7692
The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olwshandleverifyphone function not utilizing a strong enough OTP value, exposing the hash needed to generate the OTP value, and no restrictions on t...
WordPress Orion Login with SMS plugin <= 1.0.5 - Authenticated Bypass via Weak OTP vulnerability
Authenticated Bypass via Weak OTP vulnerability discovered by kr0d in WordPress Plugin Orion Login with SMS versions = 1.0.5...