CVE-2023-23492

Summary

The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.

Affected Software

VendorProductVersion RangeStatus
n/aLogin with Phone Number WordPress Plugin< 1.4.2affected

Weaknesses

  • Reflected Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References