Report
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.16. This is due to the plugin not properly verifying the identity of a user who is trying to reset a password. This makes it possible for authenticated attackers, with subscriber-level access and above, to gain access to administrative user accounts.
Score:8.8
Severity:High
Version: 1.7.16
There is a patch available in v1.7.17 and we strongly recommend you update to this version as soon as possible.
