WordPress · Registration & Login With Mobile Phone Number For Woocommerce · CVE-2025-10484
**Name of the Vulnerable Software and Affected Versions**
Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress versions prior to 1.3.2
**Description**
The plugin does not properly verify a user’s identity prior to authentication, specifically through the `fma lwp set session php fun()` function. This allows unauthenticated attackers to authenticate as any user on the site, including administrators, without a valid password.
**Recommendations**
Update the Registration & Login with Mobile Phone Number for WooCommerce plugin to version 1.3.2 or later.