6.5
CVE-2022-0593
- EPSS 1.42%
- Veröffentlicht 14.03.2022 15:15:10
- Zuletzt bearbeitet 21.11.2024 06:38:59
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginLogin with phone number < 1.3.7 - Unauthenticated remote plugin deletion
Login with phone number <= 1.3.6 - Unauthenticated Remote Plugin Deletion
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.
Mögliche Gegenmaßnahme
OTP Login With Phone Number, OTP Verification: Update to version 1.3.7, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Idehweb ≫ Login With Phone Number SwPlatformwordpress Version < 1.3.7
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
OTP Login With Phone Number, OTP Verification
Version
[*, 1.3.7)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.42% | 0.693 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
CWE-73 External Control of File Name or Path
The product allows user input to control or influence paths or file names that are used in filesystem operations.
https://wordpress.org/plugins/login-with-phone-number
https://wpscan.com/vulnerability/76a50157-04b5-43e8-afbc-a6ddf6d1cba3
https://www.wordfence.com/threat-intel/vulnerabilities/id/1716ef84-759e-4b40-aaa3-ae6ead41fcb5