Primary

Context

WordPress Registration and Login with Mobile Phone Number for WooCommerce Broken Access Control Vulnerability

Vulnerability

A broken access control vulnerability has been identified in the WordPress plugin 'Registration & Login with Mobile Phone Number for WooCommerce', affecting versions through 1.3.1. This vulnerability arises from missing authorization checks, allowing unauthorized users to perform actions reserved for higher privileges.

Impact

Exploitation of this vulnerability could allow unauthorized users to access or modify data or perform actions with elevated privileges, bypassing normal access controls.

Remediation

Users of the 'Registration & Login with Mobile Phone Number for WooCommerce' plugin should update to version 1.3.2 or later. Patchstack users can enable auto-update for vulnerable plugins.

Added: Jan 22, 2026, 8:35 PM

Updated: Jan 22, 2026, 8:35 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

2.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Registration and Login with Mobile Phone Number for WooCommerce Broken Access Control Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating