The plugin was affected by an Authentication Bypass vulnerability. To bypass authentication, we only need to know the user’s email address, which is usually public data and easy to look up. Depending on whose email address we know, we may even obtain the administrator role on the website.
Vulnerabilities
In the Lana Codes Vulnerability Database (LANAVDB), we collect the vulnerabilities we discover in other systems and provide detailed analysis and descriptions.

OTP Login/Signup Woocommerce by XootiX WordPress plugin Authentication Bypass
The plugin was affected by an Authentication Bypass vulnerability. To bypass authentication, we only need to know the user’s phone number, which is usually public data and easy to look up. Depending on whose phone number we know, we may even obtain the administrator role on the website.

Profile Builder by Cozmoslabs WordPress plugin Privilege Escalation
The plugin is affected by two vulnerabilities, an Insecure Password Reset Mechanism and a Sensitive Information Disclosure via Shortcode, which together lead to Privilege Escalation. The plugin uses a method improperly, which makes it possible to reset a user’s password and gain unauthorized access. The key required for the password reset, which is stored in the database, can be retrieved through the plugin’s shortcode by an authenticated user.

User Verification by PickPlugins WordPress plugin Authentication Bypass
The plugin was affected by an Authentication Bypass vulnerability. To bypass authentication, we only need to know the user’s username, which is usually public data and easy to look up. Depending on whose username we know, we may even obtain the administrator role on the website.

ReviewX by WPDeveloper WordPress plugin Privilege Escalation
The plugin is affected by an Arbitrary Usermeta Update vulnerability, which leads to Privilege Escalation.