22 matches found
CVE-2026-3655
The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...
CVE-2026-3655 OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification
The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...
WordPress plugin OTP Login With Phone Number OTP Verification 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2021-28373
The authinternal plugin in Tiny Tiny RSS aka tt-rss before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...
EUVD-2024-51158
Malicious code in bioql PyPI...
CVE-2025-8342
CVE-2025-8342 concerns the WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress. Affected versions up to 1.8.47 allow unauthenticated attackers to bypass OTP verification via faulty empty-value checks in lwp_ajax_register and exploit Firebase API error handling when the ...
WordPress plugin WooCommerce OTP Login With Phone Number, OTP Verification 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...
CVE-2019-1020017
Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP...
CVE-2024-12857
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as an...
CVE-2024-12857 AdForest <= 5.1.8 - Authentication Bypass
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as an...
CVE-2024-12857 AdForest <= 5.1.8 - Authentication Bypass
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as an...
CVE-2024-12857
The CVE-2024-12857 entry concerns the AdForest WordPress theme (versions up to 5.1.8). The issue is an authentication bypass where the plugin does not properly verify a user’s identity before logging them in as that user, enabling unauthenticated attackers to authenticate as any user if OTP login...
PT-2024-31393 · Ory · Ory Kratos
Name of the Vulnerable Software and Affected Versions: Ory Kratos versions prior to 1.3.0 Description: Ory Kratos is an identity, user management, and authentication system for cloud services. The highest available setting incorrectly assumes the identity's highest available Authenticator Assuran...
CVE-2021-4425
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verifyotplogintime function. This makes it possible for unauthenticated attackers to verify a one time login...
WordPress Plugin Defender Security 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2023-2706
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...
Authentication flaw
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...
CVE-2023-2706 OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation
The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for...
WordPress plugin OTP Login Woocommerce & Gravity Forms 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2021-28373
The authinternal plugin in Tiny Tiny RSS aka tt-rss before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...