Vulnerability Description
The Login with phone number WordPress plugin before 1.3.7 ships a file, delete.php, in the plugin directory that performs no authentication or authorization checks. This allows an unauthenticated user to remotely delete the plugin's files, potentially leading to a Denial of Service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Idehweb | Login With Phone Number | < 1.3.7 |
Related Weaknesses (CWE)
References
- https://wordpress.org/plugins/login-with-phone-number (Third Party Advisory)
- https://wpscan.com/vulnerability/76a50157-04b5-43e8-afbc-a6ddf6d1cba3 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-0593?
CVE-2022-0593 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated use...
How severe is CVE-2022-0593?
CVE-2022-0593 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-0593?
Check the references section above for vendor advisories and patch information. Affected products include: Idehweb Login With Phone Number.