[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-jgs0ZMrCFV1KEtlDzb1QexRJQ_yi0aOfBMld_n5it8":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2024-32507","login-with-phone-number-unauthorized-account-password-change-to-privilege-escalation","Login with phone number \u003C= 1.7.16 - Unauthorized Account Password Change to Privilege Escalation","The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.16. This is due to the plugin not properly verifying the identity of a user who is trying to reset a password. This makes it possible for authenticated attackers, with subscriber-level access and above, to gain access to administrative user accounts.","login-with-phone-number",null,"\u003C=1.7.16","1.7.17","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Authorization Bypass Through User-Controlled Key","2024-04-15 00:00:00","2024-04-25 12:45:23",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F95247ff5-0277-4270-a1ea-221ea2ecee0c?source=api-prod",11]