Is CVE-2023-23492 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Login With Phone Number Wordpress Plugin

Q: What is CVE-2023-23492?

CVE-2023-23492 is a vulnerability in Login With Phone Number Wordpress Plugin. Published 2023-01-20.

CVE-2023-23492

The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.

EPSS: 0.852 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a Login With Phone Number Wordpress Plugin — versions < 1.4.2

Public proof-of-concept exploits

ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
JoshuaMart/JoshuaMart

References

www.tenable.com/security/research/tra-2023-3

Frequently asked questions

What is CVE-2023-23492?: CVE-2023-23492 is a vulnerability in Login With Phone Number Wordpress Plugin. Published 2023-01-20.
Is CVE-2023-23492 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.