CVE-2022-0593
N/A
N/A
Summary
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Login with phone number | 1.3.7 < 1.3.7 | affected |
Weaknesses
- CWE-73: CWE-73 External Control of File Name or Path
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/76a50157-04b5-43e8-afbc-a6ddf6d1cba3
- https://wordpress.org/plugins/login-with-phone-number
References
- https://wpscan.com/vulnerability/76a50157-04b5-43e8-afbc-a6ddf6d1cba3
- https://wordpress.org/plugins/login-with-phone-number
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.