CVE-2022-0593

Login with phone number < 1.3.7 - Unauthenticated remote plugin deletion

EPSS 1.4%CWE-73

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 mar 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.

Produtos afetados

Unknown · Login with phone number

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://wordpress.org/plugins/login-with-phone-number https://wpscan.com/vulnerability/76a50157-04b5-43e8-afbc-a6ddf6d1cba3