PT-2025-33428 · WordPress · Woocommerce Otp Login With Phone Number
Arkadiusz Hydzik · Published 2025-08-15 · Updated 2025-08-20 · CVE-2025-8342
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress versions up to and including 1.8.47
Description:
The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is susceptible to authentication bypass due to inadequate empty value checking within the lwp_ajax_register function. This allows unauthenticated attackers to circumvent OTP verification and potentially gain administrative access to user accounts with a configured phone number. The issue arises from improper Firebase API error handling when the Firebase API key is not configured.
Recommendations:
Update the WooCommerce OTP Login With Phone Number, OTP Verification plugin to a version later than 1.8.47.
Fix
Missing Authorization
Affected Products
Woocommerce Otp Login With Phone Number