PT-2026-3355 · WordPress · Registration & Login With Mobile Phone Number For Woocommerce

Vahan Petrosyan

Published

2026-01-17

Updated

2026-01-30

CVE-2025-10484

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress versions prior to 1.3.2

Description The plugin does not properly verify a user’s identity prior to authentication, specifically through the fma lwp set session php fun() function. This allows unauthenticated attackers to authenticate as any user on the site, including administrators, without a valid password.

Recommendations Update the Registration & Login with Mobile Phone Number for WooCommerce plugin to version 1.3.2 or later.

Fix

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288

Related Identifiers

CVE-2025-10484

Affected Products

Registration & Login With Mobile Phone Number For Woocommerce

PT-2026-3355 · WordPress · Registration & Login With Mobile Phone Number For Woocommerce

CVE-2025-10484

Weakness Enumeration

Related Identifiers

Affected Products

References · 10