CVE-2022-0593

Published: Mar 14, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated user to remotely delete the plugin files leading to a potential Denial of Service situation.

Affected (1)

Products: Idehweb: Login With Phone Number

1 product

Login With Phone Number

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Idehweb Login With Phone Number	Before 1.3.7

Related CWEs

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (4)

https://wordpress.org/plugins/login-with-phone-number

Source: contact@wpscan.com

Third Party Advisory

https://wpscan.com/vulnerability/76a50157-04b5-43e8-afbc-a6ddf6d1cba3

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wordpress.org/plugins/login-with-phone-number

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://wpscan.com/vulnerability/76a50157-04b5-43e8-afbc-a6ddf6d1cba3

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.