WordPress Plugin Vulnerabilities

Login with phone number < 1.3.7 - Unauthenticated remote plugin deletion

Description

The plugin includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.

Proof of Concept

http://example/wp-content/plugins/login-with-phone-number/delete.php?delete=1

Affects Plugins

Plugin icon
login-with-phone-number
Fixed in 1.3.7

References

CVE
CVE-2022-0593
URL
https://wordpress.org/plugins/login-with-phone-number

Classification

Type
FILE DELETION
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-73
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Michal Lipinski
Submitter
Michal Lipinski
Submitter website
https://beastiecode.com
Verified
Yes
WPVDB ID
76a50157-04b5-43e8-afbc-a6ddf6d1cba3

Timeline

Publicly Published
2022-02-16 (about 2 years ago)
Added
2022-02-16 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)

Other

Published
Title
Published
2020-10-07
Title
HyperComments <= 1.2.2 - Unauthenticated Arbitrary File Deletion
Published
2022-11-29
Title
Simple:Press < 6.8.1 - Subscriber+ Arbitrary File Deletion
Published
2023-10-11
Title
AI ChatBot < 4.9.1 - Subscriber+ Arbitrary File Deletion
Published
2022-08-03
Title
Download Manager < 3.2.51 - Contributor+ Arbitrary File Deletion
Published
2023-12-26
Title
Media File Renamer < 5.7.8 - Admin+ Remote Code Execution