
    6 vulnerabilities by glboy

    CVE-2026-3655 (GCVE-0-2026-3655)

    Vulnerability from cvelistv5 – Published: 2026-05-29 06:43 – Updated: 2026-05-29 10:05
    Title
    OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification
    Summary
    The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `lwp_ajax_register` AJAX handler not binding the Firebase session to the phone number supplied in the request. The `idehweb_lwp_activate_through_firebase()` function validates that a Firebase OTP session is legitimate, but the `phoneNumber` returned by Firebase is never compared against the victim's stored phone number. This makes it possible for unauthenticated attackers to authenticate as any user who has a phone number stored in user meta, including administrators, by verifying their own Firebase session and supplying the victim's phone number in the same request.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    glboy OTP Login With Phone Number, OTP Verification Affected: 1.8.50 , ≤ 1.8.60 (semver)
    Credits
    lucky_buddy

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3655",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-29T10:01:30.010604Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-29T10:05:49.537Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OTP Login With Phone Number, OTP Verification",
              "vendor": "glboy",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.60",
                  "status": "affected",
                  "version": "1.8.50",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "lucky_buddy"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `lwp_ajax_register` AJAX handler not binding the Firebase session to the phone number supplied in the request. The `idehweb_lwp_activate_through_firebase()` function validates that a Firebase OTP session is legitimate, but the `phoneNumber` returned by Firebase is never compared against the victim\u0027s stored phone number. This makes it possible for unauthenticated attackers to authenticate as any user who has a phone number stored in user meta, including administrators, by verifying their own Firebase session and supplying the victim\u0027s phone number in the same request."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-29T06:43:41.811Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7fc410f2-5f2b-4eea-a0fb-fe58f988f95f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.8.60/inc/ajax-handlers.php#L649"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.8.60/inc/ajax-handlers.php#L659"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.8.60/inc/ajax-handlers.php#L1167"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/inc/ajax-handlers.php#L649"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3479314/login-with-phone-number/trunk/inc/ajax-handlers.php?old=3455810\u0026old_path=login-with-phone-number%2Ftrunk%2Finc%2Fajax-handlers.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-06T18:30:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-05-28T17:56:28.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "OTP Login With Phone Number, OTP Verification \u003c= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-3655",
        "datePublished": "2026-05-29T06:43:41.811Z",
        "dateReserved": "2026-03-06T18:14:33.842Z",
        "dateUpdated": "2026-05-29T10:05:49.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8342 (GCVE-0-2025-8342)

    Vulnerability from cvelistv5 – Published: 2025-08-15 02:24 – Updated: 2026-04-08 16:59
    Title
    WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass
    Summary
    The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to bypass OTP verification and gain administrative access to any user account with a configured phone number by exploiting improper Firebase API error handling when the Firebase API key is not configured.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Credits
    Arkadiusz Hydzik

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8342",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-15T12:44:21.660059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-15T12:44:28.348Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OTP Login With Phone Number, OTP Verification",
              "vendor": "glboy",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.47",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Arkadiusz Hydzik"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to bypass OTP verification and gain administrative access to any user account with a configured phone number by exploiting improper Firebase API error handling when the Firebase API key is not configured."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:59:41.038Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e74582f-8e94-4cba-a3eb-0a823a5235ad?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.8.47/login-with-phonenumber.php#L4373"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.8.47/login-with-phonenumber.php#L4358"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3338150%40login-with-phone-number\u0026new=3338150%40login-with-phone-number\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-18T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-08-01T01:45:21.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2025-08-14T13:55:12.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "WooCommerce OTP Login With Phone Number, OTP Verification \u003c= 1.8.47 - Authentication Bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-8342",
        "datePublished": "2025-08-15T02:24:22.094Z",
        "dateReserved": "2025-07-30T08:58:29.280Z",
        "dateUpdated": "2026-04-08T16:59:41.038Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6482 (GCVE-0-2024-6482)

    Vulnerability from cvelistv5 – Published: 2024-09-14 12:31 – Updated: 2026-04-08 17:28
    Title
    Login with phone number <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation
    Summary
    The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    glboy OTP Login With Phone Number, OTP Verification Affected: 0 , ≤ 1.7.49 (semver)
    hamid-alinia-idehweb login_with_phone_number Affected: 0 , ≤ 1.7.49 (custom)
        cpe:2.3:a:hamid-alinia-idehweb:login_with_phone_number:*:*:*:*:*:*:*:*
    Credits
    Thanh Nam Tran

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hamid-alinia-idehweb:login_with_phone_number:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "login_with_phone_number",
                "vendor": "hamid-alinia-idehweb",
                "versions": [
                  {
                    "lessThanOrEqual": "1.7.49",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6482",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T19:39:53.769704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T19:42:48.938Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OTP Login With Phone Number, OTP Verification",
              "vendor": "glboy",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.49",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thanh Nam Tran"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the \u0027lwp_update_password_action\u0027 function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:28:19.666Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de7cde2c-142c-4004-9302-be335265d87d?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php#L3803"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3129185/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-09-14T00:06:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Login with phone number \u003c= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-6482",
        "datePublished": "2024-09-14T12:31:08.795Z",
        "dateReserved": "2024-07-03T16:05:30.839Z",
        "dateUpdated": "2026-04-08T17:28:19.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6125 (GCVE-0-2024-6125)

    Vulnerability from cvelistv5 – Published: 2024-06-19 02:01 – Updated: 2026-04-08 16:44
    Title
    Login with phone number <= 1.7.34 - Insecure Password Reset Mechanism
    Summary
    The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password having no attempt or time limit. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 6-digit numeric reset code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-640 - Weak Password Recovery Mechanism for Forgotten Password
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6125",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-21T16:52:43.122791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-21T16:52:54.954Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:33:05.158Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/301a67a5-226c-413a-9198-66747d1b1fd3?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3104085/login-with-phone-number#file5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OTP Login With Phone Number, OTP Verification",
              "vendor": "glboy",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.34",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 6-digit numeric reset code."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-640",
                  "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:44:47.367Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/301a67a5-226c-413a-9198-66747d1b1fd3?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3104085/login-with-phone-number#file5"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-22T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2024-05-22T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2024-06-18T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Login with phone number \u003c= 1.7.34 - Insecure Password Reset Mechanism"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-6125",
        "datePublished": "2024-06-19T02:01:20.049Z",
        "dateReserved": "2024-06-18T13:49:13.613Z",
        "dateUpdated": "2026-04-08T16:44:47.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-5150 (GCVE-0-2024-5150)

    Vulnerability from cvelistv5 – Published: 2024-05-29 02:00 – Updated: 2026-04-08 17:24
    Title
    Login with phone number <= 1.7.26 - Authentication Bypass due to Missing Empty Value Check
    Summary
    The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the 'activation_code' default value being empty, and the not-empty check being missing in the 'lwp_ajax_register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user's email address. The vulnerability is patched in version 1.7.26, but there is an issue in the patch that causes the entire function to stop working, and this issue is fixed in version 1.7.27.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5150",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-06T18:26:09.785620Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T18:26:30.083Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:03:10.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4183"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4220"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4241"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3090625/login-with-phone-number"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3090754/login-with-phone-number#file5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OTP Login With Phone Number, OTP Verification",
              "vendor": "glboy",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the \u0027activation_code\u0027 default value is empty, and the not empty check is missing in the \u0027lwp_ajax_register\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user email. The vulnerability is patched in version 1.7.26, but there is an issue in the patch that causes the entire function to not work, and this issue is fixed in version 1.7.27."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:24:37.444Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4183"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4220"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4241"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3090625/login-with-phone-number"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3090754/login-with-phone-number#file5"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-20T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2024-05-20T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2024-05-28T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Login with phone number \u003c= 1.7.26 - Authentication Bypass due to Missing Empty Value Check"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-5150",
        "datePublished": "2024-05-29T02:00:37.242Z",
        "dateReserved": "2024-05-20T18:19:48.464Z",
        "dateUpdated": "2026-04-08T17:24:37.444Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-4916 (GCVE-0-2023-4916)

    Vulnerability from cvelistv5 – Published: 2023-09-13 02:54 – Updated: 2026-04-08 17:00
    Title
    Login with phone number <= 1.5.6 - Cross-Site Request Forgery to User Password Change
    Summary
    The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change a user's password via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Credits
    István Márton

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:52.147Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71083db7-377b-47a1-ac8b-83d8974a2654?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2965324#L2942"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2967707#L2948"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4916",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-05T18:35:21.914434Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-05T19:29:27.632Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "OTP Login With Phone Number, OTP Verification",
              "vendor": "glboy",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Istv\u00e1n M\u00e1rton"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the \u0027lwp_update_password_action\u0027 function. This makes it possible for unauthenticated attackers to change a user\u0027s password via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:00:30.115Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71083db7-377b-47a1-ac8b-83d8974a2654?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2965324#L2942"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2967707#L2948"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-08-05T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2023-08-05T00:00:00.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2023-09-12T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Login with phone number \u003c= 1.5.6 - Cross-Site Request Forgery to User Password Change"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-4916",
        "datePublished": "2023-09-13T02:54:11.877Z",
        "dateReserved": "2023-09-12T14:50:15.502Z",
        "dateUpdated": "2026-04-08T17:00:30.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }