6 matches found
CVE-2022-0593
The CVE-2022-0593 is linked to the WordPress plugin “Login with phone number” prior to version 1.3.7, where delete.php contains no authentication/authorization checks. This allows an unauthenticated remote attacker to delete plugin files, potentially causing DoS. Affected component: delete.php in...
CVE-2023-23492
The CVE-2023-23492 entry concerns the WordPress plugin Login with Phone Number, version older than 1.4.2. Public data show conflicting vulnerability details across sources: NVD/NVD-derived records describe an authenticated SQL injection in the lwp_forgot_password action via the ID parameter, with...
CVE-2022-0598
The CVE-2022-0598 entry concerns the WordPress plugin “Login with phone number” (versions before 1.3.8). The vulnerability arises from insufficient sanitisation/escaping of plugin settings, allowing high-privilege users to perform Cross-Site Scripting (XSS) attacks, even when unfiltered_html is d...
CVE-2024-6482
CVE-2024-6482 : The WordPress plugin Login with phone number (versions
CVE-2023-4916
CVE-2023-4916 affects the WordPress plugin Login with phone number . The root cause is missing nonce validation in the function lwp_update_password_action , enabling CSRF that allows unauthenticated attackers to change a user’s password if they can coerce an administrator into performing an actio...
CVE-2024-37429
CVE-2024-37429: Stored XSS in the WordPress plugin Login with phone number (Hamid Alinia – idehweb), affected versions include 1.7.35 and earlier. Public details indicate the issue has been patched; remediation is to update to a newer version. Details on root cause or exact fixed version are not ...