{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7692", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-15T19:31:18.509Z", "datePublished": "2025-07-22T09:22:42.768Z", "dateUpdated": "2026-04-08T16:45:10.015Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:45:10.015Z"}, "affected": [{"vendor": "gsayed786", "product": "Orion Login with SMS", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olws_handle_verify_phone() function not utilizing a strong enough OTP value, exposing the hash needed to generate the OTP value, and no restrictions on the number of attempts to submit the code. This makes it possible for unauthenticated attackers to log in as other users, including administrators, if they have access to their phone number."}], "title": "Orion Login with SMS <= 1.0.5 - Authentication Bypass via Weak OTP", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31a47cbd-c19b-4ac3-87ed-2d4c5c0e9cb7?source=cve"}, {"url": "https://wordpress.org/plugins/orion-login-with-sms/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "cweId": "CWE-288", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-07-21T20:51:51.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-22T13:20:21.151951Z", "id": "CVE-2025-7692", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-22T13:20:49.176Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7692", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-22T13:20:21.151951Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-22T13:20:40.984Z"}}], "cna": {"title": "Orion Login with SMS <= 1.0.5 - Authentication Bypass via Weak OTP", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "gsayed786", "product": "Orion Login with SMS", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-21T20:51:51.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31a47cbd-c19b-4ac3-87ed-2d4c5c0e9cb7?source=cve"}, {"url": "https://wordpress.org/plugins/orion-login-with-sms/"}], "descriptions": [{"lang": "en", "value": "The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olws_handle_verify_phone() function not utilizing a strong enough OTP value, exposing the hash needed to generate the OTP value, and no restrictions on the number of attempts to submit the code. This makes it possible for unauthenticated attackers to log in as other users, including administrators, if they have access to their phone number."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:45:10.015Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7692", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:45:10.015Z", "dateReserved": "2025-07-15T19:31:18.509Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-22T09:22:42.768Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Orion Login with SMS plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the olws_handle_verify_phone() function not utilizing a strong enough OTP value, exposing the hash needed to generate the OTP value, and no restrictions on the number of attempts to submit the code. This makes it possible for unauthenticated attackers to log in as other users, including administrators, if they have access to their phone number."}, {"lang": "es", "value": "El complemento Orion Login with SMS para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en todas las versiones hasta la 1.0.5 incluida. Esto se debe a que la funci\u00f3n olws_handle_verify_phone() no utiliza un valor OTP suficientemente seguro, lo que expone el hash necesario para generarlo y no hay restricciones en el n\u00famero de intentos para enviar el c\u00f3digo. Esto permite que atacantes no autenticados inicien sesi\u00f3n como otros usuarios, incluidos administradores, si tienen acceso a su n\u00famero de tel\u00e9fono."}], "id": "CVE-2025-7692", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-22T10:15:26.357", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/orion-login-with-sms/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31a47cbd-c19b-4ac3-87ed-2d4c5c0e9cb7?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:37:37.215835+00:00", "value": {"mitigation_remediation": ["Upgrade Orion Login with SMS to the latest released version that fixes the authentication bypass.", "If an update cannot be applied immediately, disable or remove the plugin from the site to prevent exploitation while a fix is pending.", "After mitigation, audit user accounts for any unauthorized activity, reset passwords, and enable multi\u2011factor authentication to strengthen future resilience."], "summary": {"action": "Immediate Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "WordPress sites running the Orion Login with SMS plugin version 1.0.5 or earlier, developed by gsayed786.", "description_and_impact": "The Orion Login with SMS plugin for WordPress allows an unauthenticated attacker to bypass authentication, because the olws_handle_verify_phone() function uses a weak one\u2011time password algorithm, exposes the hash needed to generate the OTP, and imposes no limit on OTP submission attempts. If an attacker can identify a user\u2019s phone number, they can log in as that user, including administrators. This flaw directly compromises the confidentiality and integrity of the site, potentially allowing full control over the WordPress instance.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 8.1, indicating high severity. The EPSS score is below 1%, suggesting that actual exploitation is currently low, and the flaw is not listed in CISA\u2019s KEV catalog. Attacks would likely be performed remotely via the WordPress login interface, and can succeed without any additional privileges if the attacker can obtain a target\u2019s phone number. The lack of attempt limits further eases exploitation. Overall, the risk is significant due to the high impact, though the exploitation probability remains limited at present."}}}}, "created": "2026-04-22T14:45:19.282178+00:00", "updated": "2026-04-22T14:45:19.282191+00:00", "vendors": []}