Orion SMS OTP Verification Privilege Escalation Vulnerability via Account Takeover
Vulnerability
A privilege escalation vulnerability allowing account takeover has been identified in the Orion SMS OTP Verification plugin for WordPress, affecting all versions through 1.1.7. The issue arises because the plugin fails to properly verify a user's identity before allowing password changes. This flaw enables unauthenticated attackers to reset any user's password to a one-time password, provided they know the user's phone number.
Impact
Exploitation of this vulnerability allows for authentication bypass, enabling attackers to take over user accounts by resetting passwords to a one-time password.
Reproduction
To reproduce this vulnerability, an attacker must know the target user's phone number. The attacker can then initiate a password reset process through the plugin's interface, bypassing authentication checks and causing the user's password to be changed to a one-time password. This process can be automated or performed manually, taking advantage of the plugin's lack of proper identity verification.
Remediation
No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.