CVE-2025-9967
BaseFortify
Publication date: 2025-10-15
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | orion_sms_otp_verification | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Orion SMS OTP Verification plugin for WordPress allows an unauthenticated attacker to escalate privileges by taking over user accounts. This happens because the plugin does not properly verify a user's identity before allowing a password update. If the attacker knows a user's phone number, they can change that user's password to a one-time password, effectively gaining access to the account.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to user accounts by attackers who know the users' phone numbers. It allows attackers to change passwords without authentication, potentially compromising sensitive information, causing data breaches, and disrupting service availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Orion SMS OTP Verification plugin for WordPress to a version later than 1.1.7 where the issue is fixed. Additionally, restrict access to password reset functionality and monitor for suspicious password changes, especially those triggered by phone number inputs.