CVSS 3.1 Score 8.1 of 10 (high)


Published Jun 19, 2024
Updated: Jun 20, 2024


CVE-2024-6125 is a vulnerability in the Login with phone number plugin for WordPress, affecting versions up to and including 1.7.34. The vulnerability allows unauthenticated attackers to reset the password of arbitrary users by guessing a 6-digit numeric reset code. This is due to the plugin generating weak reset codes without any attempt or time limit. The potential danger posed by this vulnerability is high, with a base severity rating of HIGH and impacts on integrity and confidentiality. The affected products include various versions of WordPress plugins, and the remediation would involve updating the Login with phone number plugin to a version that fixes this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-6125 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions