CVE-2024-32507 (GCVE-0-2024-32507)
Vulnerability from cvelistv5 – Published: 2024-05-17 08:55 – Updated: 2026-04-28 16:09
VLAI?
Title
WordPress Login with phone number plugin <= 1.7.16 - Privilege Escalation vulnerability
Summary
Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.7.16.
Severity ?
8.8 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hamid Alinia | Login with phone number |
Affected:
0 , ≤ 1.7.16
(custom)
|
Date Public ?
2026-04-01 16:24
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T17:17:35.723445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:51:41.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:13:39.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/login-with-phone-number/wordpress-login-with-phone-number-plugin-1-7-16-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "login-with-phone-number",
"product": "Login with phone number",
"vendor": "Hamid Alinia",
"versions": [
{
"changes": [
{
"at": "1.7.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.7.16",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Emili Castells | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:24:53.849Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.\u003cp\u003eThis issue affects Login with phone number: from n/a through \u003c= 1.7.16.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through \u003c= 1.7.16."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:35.888Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/login-with-phone-number/vulnerability/wordpress-login-with-phone-number-plugin-1-7-16-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "WordPress Login with phone number plugin \u003c= 1.7.16 - Privilege Escalation vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-32507",
"datePublished": "2024-05-17T08:55:21.488Z",
"dateReserved": "2024-04-15T09:12:58.411Z",
"dateUpdated": "2026-04-28T16:09:35.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-32507",
"date": "2026-04-28",
"epss": "0.01723",
"percentile": "0.82485"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-32507\",\"sourceIdentifier\":\"audit@patchstack.com\",\"published\":\"2024-05-17T09:15:36.303\",\"lastModified\":\"2026-04-23T15:18:16.170\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through \u003c= 1.7.16.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de gesti\u00f3n de privilegios incorrecta en Hamid Alinia \u2013 idehweb El inicio de sesi\u00f3n con n\u00famero de tel\u00e9fono permite la escalada de privilegios. Este problema afecta el inicio de sesi\u00f3n con n\u00famero de tel\u00e9fono: desde n/a hasta 1.7.16.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"audit@patchstack.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-266\"}]}],\"references\":[{\"url\":\"https://patchstack.com/database/Wordpress/Plugin/login-with-phone-number/vulnerability/wordpress-login-with-phone-number-plugin-1-7-16-privilege-escalation-vulnerability?_s_id=cve\",\"source\":\"audit@patchstack.com\"},{\"url\":\"https://patchstack.com/database/vulnerability/login-with-phone-number/wordpress-login-with-phone-number-plugin-1-7-16-privilege-escalation-vulnerability?_s_id=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/login-with-phone-number/wordpress-login-with-phone-number-plugin-1-7-16-privilege-escalation-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:13:39.335Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-32507\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-22T17:17:35.723445Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-22T17:17:46.066Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"WordPress Login with phone number plugin \u003c= 1.7.16 - Privilege Escalation vulnerability\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Emili Castells (Patchstack Alliance)\"}], \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hamid Alinia \\u2013 idehweb\", \"product\": \"Login with phone number\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"1.7.17\", \"status\": \"unaffected\"}], \"version\": \"n/a\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.7.16\"}], \"packageName\": \"login-with-phone-number\", \"collectionURL\": \"https://wordpress.org/plugins\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Update to 1.7.17 or a higher version.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Update to 1.7.17 or a higher version.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://patchstack.com/database/vulnerability/login-with-phone-number/wordpress-login-with-phone-number-plugin-1-7-16-privilege-escalation-vulnerability?_s_id=cve\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Privilege Management vulnerability in Hamid Alinia \\u2013 idehweb Login with phone number allows Privilege Escalation.This issue affects Login with phone number: from n/a through 1.7.16.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Privilege Management vulnerability in Hamid Alinia \\u2013 idehweb Login with phone number allows Privilege Escalation.\u003cp\u003eThis issue affects Login with phone number: from n/a through 1.7.16.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"shortName\": \"Patchstack\", \"dateUpdated\": \"2024-05-17T08:55:21.488Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-32507\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T02:13:39.335Z\", \"dateReserved\": \"2024-04-15T09:12:58.411Z\", \"assignerOrgId\": \"21595511-bba5-4825-b968-b78d1f9984a3\", \"datePublished\": \"2024-05-17T08:55:21.488Z\", \"assignerShortName\": \"Patchstack\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…