PT-2025-42291 · WordPress · Ownid Passwordless Login

Published: 2025-10-14 · Updated: 2025-12-24 · CVE-2025-10294

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

OwnID Passwordless Login plugin for WordPress versions prior to 1.3.5

Description

The OwnID Passwordless Login plugin for WordPress is susceptible to an Authentication Bypass. This occurs because the plugin does not adequately verify if the ownid shared secret value is empty before authenticating a user via JWT. This allows unauthenticated attackers to log in as other users, including administrators, in instances where the plugin is not fully configured.

Recommendations

Versions prior to 1.3.5 should be updated to version 1.3.5 or later.
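
The missing check described above, sketched as an added example (not the plugin's code, and in Python rather than the plugin's PHP): a JWT verifier that fails closed when the shared secret is empty or unset. The HS256 algorithm, the function names and the 32-byte minimum secret length are assumptions of this example.

```python
import base64
import hashlib
import hmac
import json

MIN_SECRET_LEN = 32  # assumption of this example, not a value from the advisory


class TokenRejected(Exception):
    """The token must not be used to authenticate anyone."""


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue an HS256 token; used here to construct sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"


def verify_hs256(token: str, secret) -> dict:
    """Return the claims only when a real secret is configured and the MAC matches."""
    if isinstance(secret, str):
        secret = secret.strip().encode()
    # Fail closed: with an unset or empty secret (plugin not fully configured)
    # no signature can prove anything, so reject before any HMAC is computed.
    if not secret or len(secret) < MIN_SECRET_LEN:
        raise TokenRejected("shared secret is not configured")
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            raise TokenRejected("unexpected algorithm")
        expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            raise TokenRejected("bad signature")
        return json.loads(b64url_decode(body))
    except (ValueError, AttributeError) as exc:
        raise TokenRejected("malformed token") from exc
```

The configuration check runs before any signature comparison, so a site where the secret was never set rejects every token instead of accepting one whose MAC was computed over an empty key.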

Fix

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

BDU:2025-16419
CVE-2025-10294

Affected Products

Ownid Passwordless Login