CVE-2024-6482

HIGH

WordPress <1.7.49 - Privilege Escalation

Title source: llm

Description

The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49.

References (3)

Core 3

Core References

Product

https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php#L3803

Patch

https://plugins.trac.wordpress.org/changeset/3129185/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/de7cde2c-142c-4004-9302-be335265d87d?source=cve

Scores

CVSS v3 8.8

EPSS 0.0047

EPSS Percentile 37.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (2)

glboy/OTP Login With Phone Number, OTP Verification < 1.7.49

idehweb/login_with_phone_number 1.7.40 - 1.7.50

Published Sep 14, 2024

Tracked Since Feb 18, 2026