Primary

Context

WPCOM Member Authentication Bypass Vulnerability via 'user_phone' Parameter

Vulnerability

Patched

A vulnerability allowing authentication bypass has been identified in the WPCOM Member plugin for WordPress, affecting all versions through 1.7.5. The issue arises from inadequate validation of the 'user_phone' parameter during the login process. This flaw enables unauthenticated attackers to log in as any existing user, including administrators, if SMS login is activated.

Impact

Exploitation of this vulnerability allows for unauthorized access to user accounts, potentially including administrative accounts, depending on the targeted user.

Reproduction

To reproduce this vulnerability, send a login request to the WordPress site with the 'user_phone' parameter. If SMS login is enabled, the request will bypass authentication and log in as the user associated with the phone number, regardless of whether the attacker has permission to access that account.

Remediation

Users are advised to update the WPCOM Member plugin to version 1.7.6 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.0

exploitability

9.3

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.0

exploitability

9.3

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WPCOM Member Authentication Bypass Vulnerability via 'user_phone' Parameter

Vulnerability

Impact

Reproduction

Remediation

Affected Products

WPCOM Member

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating