PT-2026-3355 · WordPress · Registration & Login With Mobile Phone Number For Woocommerce

Vahan Petrosyan

Publicado

2026-01-17

Atualizado

2026-01-30

CVE-2025-10484

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress versions prior to 1.3.2

Description The plugin does not properly verify a user’s identity prior to authentication, specifically through the fma lwp set session php fun() function. This allows unauthenticated attackers to authenticate as any user on the site, including administrators, without a valid password.

Recommendations Update the Registration & Login with Mobile Phone Number for WooCommerce plugin to version 1.3.2 or later.

Correção

Authentication Bypass Using an Alternate Path or Channel

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-288

Identificadores relacionados

CVE-2025-10484

Produtos afetados

Registration & Login With Mobile Phone Number For Woocommerce

PT-2026-3355 · WordPress · Registration & Login With Mobile Phone Number For Woocommerce

CVE-2025-10484

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10