This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Broken Access Control in 'Registration & Login with Mobile Phone Number for WooCommerce'. **Consequences**: Full system compromise. High impact on Confidentiality, Integrity, and Availability.
Q2 Root Cause? (CWE/Flaw)
**Root Cause**: CWE-862 (Missing Authorization). **Flaw**: The plugin fails to verify if the user has permission to access specific resources.
Q3 Who is affected? (Versions/Components)
**Affected**: WordPress Plugin: 'Registration & Login with Mobile Phone Number for WooCommerce'. **Version**: 1.3.1 and earlier. **Vendor**: FmeAddons.
Q4 What can hackers do? (Privileges/Data)
**Hackers Can**: Access sensitive data (Confidentiality). **Modify**: System configurations and data (Integrity). **Disrupt**: Service availability (Availability).
**Public Exp?**: No PoCs listed in data. **Status**: Theoretical risk based on CVSS score. No wild exploitation confirmed yet.
Q7 How to self-check? (Features/Scanning)
**Check**: Scan for plugin version < 1.3.1. **Verify**: Check for 'Registration & Login with Mobile Phone Number for WooCommerce'. **Tool**: Use WPScan or similar vulnerability scanners.
Q8 Is it fixed officially? (Patch/Mitigation)
**Fix**: Update plugin to version > 1.3.1. **Source**: Check vendor (FmeAddons) or Patchstack for official patch. **Published**: 2026-01-22.
Q9 What if no patch? (Workaround)
**Workaround**: Disable the plugin if not essential. **Restrict**: Limit access to admin endpoints. **Monitor**: Watch for unauthorized registration/login attempts via mobile.
Q10 Is it urgent? (Priority Suggestion)
**Priority**: CRITICAL. **CVSS**: 9.8 (High). **Action**: Patch immediately. Remote unauthenticated access is a severe threat.