WordPress Plugin Vulnerabilities
Login with phone number < 1.7.35 - Insecure Password Reset Mechanism
Description
The plugin is vulnerable to unauthorized password resets due to generating too weak reset code, and the code used to reset the password has no attempt or time limit. This makes it possible for unauthenticated attackers to reset the password of arbitrary users by guessing a 6-digit numeric reset code.
Affects Plugins
References
Miscellaneous
Original Researcher
István Márton
Verified
No
WPVDB ID
Timeline
Publicly Published
2024-06-18 (about 2 years ago)
Added
2024-06-24 (about 2 years ago)
Last Updated
2024-06-24 (about 2 years ago)