Search criteria
5 vulnerabilities by glboy
CVE-2025-8342 (GCVE-0-2025-8342)
Vulnerability from cvelistv5 – Published: 2025-08-15 02:24 – Updated: 2025-08-15 12:44
VLAI?
Title
WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass
Summary
The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to bypass OTP verification and gain administrative access to any user account with a configured phone number by exploiting improper Firebase API error handling when the Firebase API key is not configured.
Severity ?
8.1 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| glboy | WooCommerce OTP Login With Phone Number, OTP Verification |
Affected:
* , ≤ 1.8.47
(semver)
|
Credits
Arkadiusz Hydzik
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:44:21.660059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:44:28.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WooCommerce OTP Login With Phone Number, OTP Verification",
"vendor": "glboy",
"versions": [
{
"lessThanOrEqual": "1.8.47",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Arkadiusz Hydzik"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to bypass OTP verification and gain administrative access to any user account with a configured phone number by exploiting improper Firebase API error handling when the Firebase API key is not configured."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T02:24:22.094Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e74582f-8e94-4cba-a3eb-0a823a5235ad?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.8.47/login-with-phonenumber.php#L4373"
},
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.8.47/login-with-phonenumber.php#L4358"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3338150%40login-with-phone-number\u0026new=3338150%40login-with-phone-number\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-18T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-08-01T01:45:21.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-08-14T13:55:12.000+00:00",
"value": "Disclosed"
}
],
"title": "WooCommerce OTP Login With Phone Number, OTP Verification \u003c= 1.8.47 - Authentication Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-8342",
"datePublished": "2025-08-15T02:24:22.094Z",
"dateReserved": "2025-07-30T08:58:29.280Z",
"dateUpdated": "2025-08-15T12:44:28.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6482 (GCVE-0-2024-6482)
Vulnerability from cvelistv5 – Published: 2024-09-14 12:31 – Updated: 2024-09-16 19:42
VLAI?
Title
Login with phone number <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation
Summary
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49.
Severity ?
8.8 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| glboy | Login with phone number |
Affected:
* , ≤ 1.7.49
(semver)
|
Credits
Thanh Nam Tran
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hamid-alinia-idehweb:login_with_phone_number:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "login_with_phone_number",
"vendor": "hamid-alinia-idehweb",
"versions": [
{
"lessThanOrEqual": "1.7.49",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T19:39:53.769704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T19:42:48.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Login with phone number",
"vendor": "glboy",
"versions": [
{
"lessThanOrEqual": "1.7.49",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanh Nam Tran"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the \u0027lwp_update_password_action\u0027 function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-14T12:31:08.795Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de7cde2c-142c-4004-9302-be335265d87d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php#L3803"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3129185/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-14T00:06:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Login with phone number \u003c= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6482",
"datePublished": "2024-09-14T12:31:08.795Z",
"dateReserved": "2024-07-03T16:05:30.839Z",
"dateUpdated": "2024-09-16T19:42:48.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6125 (GCVE-0-2024-6125)
Vulnerability from cvelistv5 – Published: 2024-06-19 02:01 – Updated: 2024-08-01 21:33
VLAI?
Title
Login with phone number <= 1.7.34 - Insecure Password Reset Mechanism
Summary
The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 6-digit numeric reset code.
Severity ?
8.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| glboy | Login with phone number |
Affected:
* , ≤ 1.7.34
(semver)
|
Credits
István Márton
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:52:43.122791Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:52:54.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/301a67a5-226c-413a-9198-66747d1b1fd3?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3104085/login-with-phone-number#file5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Login with phone number",
"vendor": "glboy",
"versions": [
{
"lessThanOrEqual": "1.7.34",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Login with phone number plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.7.34. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 6-digit numeric reset code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T02:01:20.049Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/301a67a5-226c-413a-9198-66747d1b1fd3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3104085/login-with-phone-number#file5"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-22T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-05-22T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-06-18T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Login with phone number \u003c= 1.7.34 - Insecure Password Reset Mechanism"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-6125",
"datePublished": "2024-06-19T02:01:20.049Z",
"dateReserved": "2024-06-18T13:49:13.613Z",
"dateUpdated": "2024-08-01T21:33:05.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5150 (GCVE-0-2024-5150)
Vulnerability from cvelistv5 – Published: 2024-05-29 02:00 – Updated: 2024-08-01 21:03
VLAI?
Title
Login with phone number <= 1.7.26 - Authentication Bypass due to Missing Empty Value Check
Summary
The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the 'activation_code' default value is empty, and the not empty check is missing in the 'lwp_ajax_register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user email. The vulnerability is patched in version 1.7.26, but there is an issue in the patch that causes the entire function to not work, and this issue is fixed in version 1.7.27.
Severity ?
9.8 (Critical)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| glboy | Login with phone number |
Affected:
* , ≤ 1.7.26
(semver)
|
Credits
István Márton
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:26:09.785620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:26:30.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:10.892Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4183"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4220"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4241"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3090625/login-with-phone-number"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3090754/login-with-phone-number#file5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Login with phone number",
"vendor": "glboy",
"versions": [
{
"lessThanOrEqual": "1.7.26",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the \u0027activation_code\u0027 default value is empty, and the not empty check is missing in the \u0027lwp_ajax_register\u0027 function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user email. The vulnerability is patched in version 1.7.26, but there is an issue in the patch that causes the entire function to not work, and this issue is fixed in version 1.7.27."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T02:00:37.242Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf34eb9f-f6e9-4a7a-8459-c86f9fa3dad8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4183"
},
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4220"
},
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/tags/1.7.25/login-with-phonenumber.php#L4241"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3090625/login-with-phone-number"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3090754/login-with-phone-number#file5"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-20T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2024-05-20T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-05-28T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Login with phone number \u003c= 1.7.26 - Authentication Bypass due to Missing Empty Value Check"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-5150",
"datePublished": "2024-05-29T02:00:37.242Z",
"dateReserved": "2024-05-20T18:19:48.464Z",
"dateUpdated": "2024-08-01T21:03:10.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4916 (GCVE-0-2023-4916)
Vulnerability from cvelistv5 – Published: 2023-09-13 02:54 – Updated: 2025-02-05 19:29
VLAI?
Summary
The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity ?
8.8 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| glboy | Login with phone number |
Affected:
* , ≤ 1.5.6
(semver)
|
Credits
Lana Codes
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:52.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71083db7-377b-47a1-ac8b-83d8974a2654?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2965324#L2942"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2967707#L2948"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:35:21.914434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T19:29:27.632Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Login with phone number",
"vendor": "glboy",
"versions": [
{
"lessThanOrEqual": "1.5.6",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lana Codes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the \u0027lwp_update_password_action\u0027 function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T13:34:01.237Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71083db7-377b-47a1-ac8b-83d8974a2654?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2965324#L2942"
},
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2967707#L2948"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-08-05T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-08-05T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-09-12T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-4916",
"datePublished": "2023-09-13T02:54:11.877Z",
"dateReserved": "2023-09-12T14:50:15.502Z",
"dateUpdated": "2025-02-05T19:29:27.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}