Vulnerability Details : CVE-2022-0593
Potential exploit
The Login with phone number WordPress plugin before 1.3.7 includes a file, delete.php, placed in the plugin directory with no authentication or authorization checks, allowing an unauthenticated user to remotely delete the plugin files, leading to a potential denial of service.
Vulnerability category: File inclusion, Denial of service
Products affected by CVE-2022-0593
- cpe:2.3:a:idehweb:login_with_phone_number:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-0593
- 0.41%: Probability of exploitation activity in the next 30 days
- ~59%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-0593
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P | 10.0 | 4.9 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L | 3.9 | 2.5 | NIST | |
CWE ids for CVE-2022-0593
- The product allows user input to control or influence paths or file names that are used in filesystem operations. Assigned by: contact@wpscan.com (Primary)
References for CVE-2022-0593
- https://wordpress.org/plugins/login-with-phone-number
  Login with phone number – WordPress plugin | WordPress.org (Third Party Advisory)
- https://wpscan.com/vulnerability/76a50157-04b5-43e8-afbc-a6ddf6d1cba3
  (Exploit; Third Party Advisory)