CVE-2024-6125

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jun 19, 2024

Updated: Jun 20, 2024

Summary

CVE-2024-6125 is a vulnerability affecting the Login with phone number plugin for WordPress. In versions up to 1.7.34, this plugin generates weak reset codes for password resets, making it susceptible to unauthorized password resets by unauthenticated attackers. The reset codes consist of only six digits and do not have any attempt or time limit, allowing attackers to guess the correct code and reset the password of arbitrary users. This poses a significant security risk and requires immediate attention from WordPress users to update the plugin to the latest version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wiOWdp
https://www.cve.org/CVERecord?id=CVE-2024-6125
https://nvd.nist.gov/vuln/detail/CVE-2024-6125

Back to Vulnerability Database

CVE-2024-6125

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations