Tag
The OTP Login With Phone Number, OTP Verification plugin for WordPress versions 1.8.50 through 1.8.60 is vulnerable to authentication bypass due to improper validation of the Firebase session, allowing unauthenticated attackers to authenticate as arbitrary users, including administrators, by supplying a victim's phone number.