Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:F3703C4D-BF6D-47E5-87E5-10459667B5F4
HistoryNov 23, 2023 - 12:00 a.m.

DoLogin Security <= 3.7.1 - Missing Authorization via REST Endpoints

2023-11-2300:00:00
wpscan.com
6
wordpress
dologin security
vulnerability
unauthorized modification
rest
3.7.1

AI Score

9.5

Confidence

High

JSON

Description The DoLogin Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple REST functions in versions up to, and including, 3.7.1. This makes it possible for unauthenticated attackers to send test SMS messages to arbitrary phone numbers, bypass brute force protections by making unlimited login attempts, and make use of the plugin’s IP geolocation functionality.

Related

wordfence 1
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (October 23, 2023 to October 29, 2023)
2023-11-02 18:40:49

AI Score

9.5

Confidence

High

JSON
Related for WPVDB-ID:F3703C4D-BF6D-47E5-87E5-10459667B5F4
wordfence1