Lucene search
HistoryJan 20, 2023 - 7:15 p.m.
CVE-2023-23492
cve-2023-23492
wordpress plugin
sql injection
nvd
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.062 Low
EPSS
Percentile
93.6%
The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the ‘ID’ parameter of its ‘lwp_forgot_password’ action.
Affected configurations
Node
idehweblogin_with_phone_numberRange<1.4.2wordpress
| CPE | Name | Operator | Version |
|---|---|---|---|
| idehweb:login_with_phone_number | idehweb login with phone number | lt | 1.4.2 |
CNA Affected
[
{
"vendor": "n/a",
"product": "Login with Phone Number WordPress Plugin",
"versions": [
{
"version": "< 1.4.2",
"status": "affected"
}
]
}
]Related
nuclei
nuclei
Login with Phone Number - Cross-Site Scripting
2023-03-05 13:42:10
openvas
openvas
WordPress Login with Phone Number Plugin < 1.4.2 XSS Vulnerability
2023-08-28 00:00:00
wpvulndb
wpvulndb
Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting
2023-01-12 00:00:00
wpexploit
wpexploit
Login with Phone Number < 1.4.2 - Reflected Cross-Site Scripting
2023-01-12 00:00:00
nvd
nvd
CVE-2023-23492
2023-01-20 19:15:18
prion
prion
Sql injection
2023-01-20 19:15:00
cvelist
cvelist
CVE-2023-23492
2023-01-20 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.062 Low
EPSS
Percentile
93.6%
Related for CVE-2023-23492