PT-2023-6551 · WordPress · Login With Phone Number Plugin For Wordpress
Joshua Martinelle · Published 2023-01-20 · Updated 2023-10-06 · CVE-2023-23492
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Login with Phone Number WordPress Plugin version < 1.4.2
Description
The issue is an authenticated SQL injection vulnerability in the lwp forgot password action. The action does not protect the structure of its SQL query, which a remote attacker can exploit to execute arbitrary code. The ID parameter of the lwp forgot password action is vulnerable.
Recommendations
For Login with Phone Number WordPress Plugin version < 1.4.2, update to version 1.4.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the lwp forgot password action until a patch is available.
Avoid using the ID parameter in the affected action until the issue is resolved.
Exploit
Fix
SQL injection
Affected products
Login With Phone Number Plugin For Wordpress
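For the temporary workaround in the Recommendations above, one way to restrict the action on a site that cannot upgrade immediately is a must-use plugin that rejects any request to it whose ID is not a plain integer. This is an added example, not code from the plugin or from this advisory. The hook name `lwp_forgot_password`, the premise that legitimate ID values are numeric, and the `lwp_guard_*` names are assumptions to confirm against the installed plugin.

```php
<?php
/**
 * Plugin Name: LWP forgot-password ID guard (temporary virtual patch)
 * Added example: drop into wp-content/mu-plugins/ and remove once 1.4.2+ is installed.
 */

// Assumption: hook name of the "lwp forgot password" action; confirm in the installed plugin.
const LWP_GUARD_ACTION = 'lwp_forgot_password';

/**
 * True when every ID field in one request array is a plain decimal integer.
 * Assumption: legitimate ID values are numeric. Names match case-insensitively.
 */
function lwp_guard_ids_are_numeric( array $params ) {
    foreach ( $params as $key => $value ) {
        if ( 0 !== strcasecmp( (string) $key, 'ID' ) ) {
            continue;
        }
        // Rejects arrays (ID[]=...) and anything other than 1 to 20 digits.
        if ( ! is_string( $value ) || 1 !== preg_match( '/\A[0-9]{1,20}\z/', $value ) ) {
            return false;
        }
    }
    return true;
}

function lwp_guard_check() {
    // Check GET and POST separately: $_REQUEST alone would hide a GET value
    // behind a POST value of the same name.
    if ( lwp_guard_ids_are_numeric( $_GET ) && lwp_guard_ids_are_numeric( $_POST ) ) {
        return; // Let the plugin's own handler run.
    }
    error_log( sprintf( 'lwp_guard: rejected %s request from %s',
        LWP_GUARD_ACTION, $_SERVER['REMOTE_ADDR'] ?? 'unknown' ) );
    wp_send_json_error( array( 'message' => 'Invalid request.' ), 400 );
}

// PHP_INT_MIN priority runs the guard before the plugin's handler, for both
// logged-in (wp_ajax_) and anonymous (wp_ajax_nopriv_) callers.
foreach ( array( 'wp_ajax_', 'wp_ajax_nopriv_' ) as $prefix ) {
    add_action( $prefix . LWP_GUARD_ACTION, 'lwp_guard_check', PHP_INT_MIN );
}
```

Requests that omit ID pass through unchanged, and rejected requests are written to the PHP error log for review. Updating to version 1.4.2 or later remains the resolution.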