CVE-2025-7692 – SolarWinds Orion WordPress SMS Authentication Bypass Vulnerability

July 22, 2025

CVE ID : CVE-2025-7692

Published : July 22, 2025, 10:15 a.m. | 14 hours, 29 minutes ago

Description : The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olws_handle_verify_phone() function not utilizing a strong enough OTP value, exposing the hash needed to generate the OTP value, and no restrictions on the number of attempts to submit the code. This makes it possible for unauthenticated attackers to log in as other users, including administrators, if they have access to their phone number.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4285 – Rolantis Agentis SQL Injection Vulnerability

Next Article CVE-2025-6187 – bSecure for WordPress Privilege Escalation Vulnerability

Highlights

CVE-2025-48875 – FreeScout Cross-Site Scripting (XSS) Vulnerability

May 30, 2025

CVE ID : CVE-2025-48875

Published : May 30, 2025, 7:15 a.m. | 2 hours, 21 minutes ago

Description : FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system’s incorrect validation of last_name and first_name during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flesh-message when the data is deleted, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This issue has been patched in version 1.8.181.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

EcoFlow’s new portable battery stations are lighter and more powerful (DC plug included)

7 ways Linux can save you money

My favorite Kindle tablet just got a kids model, and it makes so much sense

You can turn your Google Photos into video clips now – here’s how

Blade Service Injection: Direct Service Access in Laravel Templates

Blade Service Injection: Direct Service Access in Laravel Templates

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Retrieve the Currently Executing Closure in PHP 8.5

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

How to Open Control Panel in Windows 11

How to Shut Down Windows 11

CVE-2025-7692 – SolarWinds Orion WordPress SMS Authentication Bypass Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Course: WordPress Theme Development (Core Concepts)

CVE-2025-53942 – Authentik OAuth/SAML Deactivated User Partial Access Vulnerability

CVE-2025-5730 – WordPress Contact Form Plugin Stored Cross-Site Scripting Vulnerability

Fixing WordPress HTTPS Mixed Content Error

CVE-2025-48875 – FreeScout Cross-Site Scripting (XSS) Vulnerability

CVE-2024-56193 – “Bluetooth Adapter Permissions Bypass Vulnerability in [Vendor Name]”

Apple Music lets you see your most played songs from the past decade now – here’s where

React 19: Revolutionizing Web Development with New Features

CVE-2025-7692 – SolarWinds Orion WordPress SMS Authentication Bypass Vulnerability

Related Posts