3 matches found
CVE-2022-0593
The CVE-2022-0593 is linked to the WordPress plugin “Login with phone number” prior to version 1.3.7, where delete.php contains no authentication/authorization checks. This allows an unauthenticated remote attacker to delete plugin files, potentially causing DoS. Affected component: delete.php in...
CVE-2023-23492
The CVE-2023-23492 entry concerns the WordPress plugin Login with Phone Number, version older than 1.4.2. Public data show conflicting vulnerability details across sources: NVD/NVD-derived records describe an authenticated SQL injection in the lwp_forgot_password action via the ID parameter, with...
CVE-2024-37429
CVE-2024-37429: Stored XSS in the WordPress plugin Login with phone number (Hamid Alinia – idehweb), affected versions include 1.7.35 and earlier. Public details indicate the issue has been patched; remediation is to update to a newer version. Details on root cause or exact fixed version are not ...