← volver
CVE-2022-0593

Login with phone number < 1.3.7 - Unauthenticated remote plugin deletion

EPSS 1.4%CWE-73
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 1.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 mar 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.
Productos afectados
Unknown · Login with phone number

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wordpress.org/plugins/login-with-phone-numberhttps://wpscan.com/vulnerability/76a50157-04b5-43e8-afbc-a6ddf6d1cba3