CVE-2025-7692
📋 TL;DR
The Orion Login with SMS WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user, including administrators, if they know the target's phone number. All versions up to and including 1.0.5 are affected, because of a weak OTP implementation combined with the absence of brute-force protection. Any WordPress site with this plugin active is vulnerable.
💻 Affected Systems
- Orion Login with SMS WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to WordPress sites, enabling complete site takeover, data theft, malware installation, and defacement.
Likely Case
Targeted attacks against administrators or high-privilege users leading to unauthorized access and potential data compromise.
If Mitigated
Limited to attempts against users with known phone numbers, but still enables account takeover.
🎯 Exploit Status
Exploitation requires knowing the target's phone number but is otherwise straightforward with public technical details available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.6 or later
Vendor Advisory: https://wordpress.org/plugins/orion-login-with-sms/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Orion Login with SMS' and update to version 1.0.6 or later.
4. If no update is available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable the plugin
Deactivate the vulnerable plugin to prevent exploitation:
wp plugin deactivate orion-login-with-sms
Restrict login attempts
Implement rate limiting on login endpoints via a web application firewall or security plugin.
🧯 If You Can't Patch
- Immediately deactivate and remove the Orion Login with SMS plugin from all WordPress installations
- Implement IP-based rate limiting and monitor for suspicious authentication attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for 'Orion Login with SMS' version 1.0.5 or earlier
Check Version:
wp plugin get orion-login-with-sms --field=version
Verify Fix Applied:
Verify plugin version is 1.0.6 or later in WordPress admin panel
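The version check above is easy to get wrong with a plain string comparison ("1.0.10" sorts before "1.0.6" lexically). The following added example, which is not part of this advisory or of the plugin, compares the installed version numerically against the fixed release 1.0.6 and treats a pre-release build of 1.0.6 (for example "1.0.6-beta1") as still affected. The `installed_version` helper shells out to the same `wp plugin get` command listed above and assumes wp-cli is on PATH; the sample version strings in the comments are constructed.

```python
"""Check whether an installed Orion Login with SMS version is in the affected range.

Added example, not the advisory's or the plugin's own code. The advisory states
that versions up to 1.0.5 are affected and 1.0.6 fixes the issue; everything
else here (pre-release handling, the wp-cli wrapper) is this example's assumption.
"""
import re
import subprocess

FIXED_VERSION = (1, 0, 6)  # first release the advisory lists as fixed
PLUGIN_SLUG = "orion-login-with-sms"

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(.*)$")
_PRERELEASE_RE = re.compile(r"(alpha|beta|rc|dev)", re.IGNORECASE)


def split_version(text):
    """Return (numeric tuple, is_prerelease) for strings like '1.0.5', '1.0' or '1.0.6-beta1'.

    Short versions are padded with zeros so '1.0' compares like '1.0.0'.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts = parts + (0,) * (3 - len(parts))
    return parts, bool(_PRERELEASE_RE.search(m.group(2)))


def is_affected(version_text):
    """True when the version is below 1.0.6, or is a pre-release build of 1.0.6.

    A pre-release of the fixed version is treated as unpatched (assumption of this
    example: the advisory does not discuss pre-release builds).
    """
    base, prerelease = split_version(version_text)
    return base < FIXED_VERSION or (base == FIXED_VERSION and prerelease)


def installed_version(site_path="."):
    """Ask wp-cli for the installed plugin version (requires wp on PATH)."""
    result = subprocess.run(
        ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version", f"--path={site_path}"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


if __name__ == "__main__":
    # Run against a live site; falls back to a constructed sample value if wp-cli is missing.
    try:
        version = installed_version()
    except (FileNotFoundError, subprocess.CalledProcessError):
        version = "1.0.5"  # constructed sample value
    state = "AFFECTED" if is_affected(version) else "fixed"
    print(f"{PLUGIN_SLUG} {version}: {state}")
```

Run it from the WordPress root (or pass `site_path`) on each site you manage; a result of AFFECTED means the plugin should be updated or removed per the instructions above.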
📡 Detection & Monitoring
Log Indicators:
- Multiple failed OTP verification attempts from a single IP
- Successful logins from unusual IPs/locations
- Admin user logins from non-standard IPs
Network Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with action=olws_handle_verify_phone
- Brute force patterns against SMS verification endpoints
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/admin-ajax.php" AND post_data CONTAINS "olws_handle_verify_phone")
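The network indicator and SIEM query above both key on the `olws_handle_verify_phone` action. The following added example (not part of this advisory) turns that into a small offline detector: it reads JSON-lines web log events, keeps only POSTs to `/wp-admin/admin-ajax.php` whose body selects that action, and flags any client IP that sends more than a threshold of such requests inside a sliding time window. The log format (fields `ts`, `client_ip`, `method`, `uri_path`, `post_data`, `status`), the sample events, the addresses and the threshold are all constructed for the example; adjust the field names to your own log pipeline.

```python
"""Flag bursts of OTP-verification requests to the Orion Login with SMS AJAX action.

Added example, not the advisory's or the plugin's own code. The action name comes
from the advisory; the log schema, sample lines, threshold and window are assumptions.
Note: admin-ajax.php commonly answers 200 for both accepted and rejected codes, so the
detector counts request volume per source rather than relying on HTTP status.
"""
import json
from collections import defaultdict
from datetime import datetime
from urllib.parse import parse_qs

ENDPOINT = "/wp-admin/admin-ajax.php"
ACTION = "olws_handle_verify_phone"
THRESHOLD = 5          # verify requests from one IP inside the window that trigger an alert
WINDOW_SECONDS = 300   # sliding window length

# Constructed sample log: one legitimate verification, a burst from a second address,
# a non-matching GET, an unrelated AJAX action and one malformed line.
SAMPLE_LOG = """\
{"ts": "2025-07-20T10:00:01", "client_ip": "203.0.113.9", "method": "POST", "uri_path": "/wp-admin/admin-ajax.php", "post_data": "action=olws_handle_verify_phone", "status": 200}
{"ts": "2025-07-20T10:00:05", "client_ip": "198.51.100.23", "method": "POST", "uri_path": "/wp-admin/admin-ajax.php", "post_data": "action=olws_handle_verify_phone", "status": 200}
{"ts": "2025-07-20T10:00:06", "client_ip": "198.51.100.23", "method": "POST", "uri_path": "/wp-admin/admin-ajax.php", "post_data": "action=olws_handle_verify_phone", "status": 200}
{"ts": "2025-07-20T10:00:07", "client_ip": "198.51.100.23", "method": "POST", "uri_path": "/wp-admin/admin-ajax.php", "post_data": "action=olws_handle_verify_phone", "status": 200}
{"ts": "2025-07-20T10:00:08", "client_ip": "198.51.100.23", "method": "POST", "uri_path": "/wp-admin/admin-ajax.php", "post_data": "action=olws_handle_verify_phone", "status": 200}
{"ts": "2025-07-20T10:00:09", "client_ip": "198.51.100.23", "method": "POST", "uri_path": "/wp-admin/admin-ajax.php", "post_data": "action=olws_handle_verify_phone", "status": 200}
{"ts": "2025-07-20T10:00:10", "client_ip": "198.51.100.23", "method": "POST", "uri_path": "/wp-admin/admin-ajax.php", "post_data": "action=olws_handle_verify_phone", "status": 200}
{"ts": "2025-07-20T10:01:00", "client_ip": "198.51.100.23", "method": "GET", "uri_path": "/wp-login.php", "post_data": "", "status": 200}
{"ts": "2025-07-20T10:02:00", "client_ip": "203.0.113.9", "method": "POST", "uri_path": "/wp-admin/admin-ajax.php", "post_data": "action=heartbeat", "status": 200}
not json at all
"""


def parse_line(line):
    """Parse one JSON log line; return None for blank or malformed lines."""
    line = line.strip()
    if not line:
        return None
    try:
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"])
        return event
    except (ValueError, KeyError, TypeError):
        return None


def is_verify_request(event):
    """True for a POST to admin-ajax.php whose body selects the OTP-verification action."""
    if event.get("method") != "POST" or event.get("uri_path") != ENDPOINT:
        return False
    params = parse_qs(event.get("post_data", ""))
    return ACTION in params.get("action", [])


def max_burst(timestamps, window_seconds):
    """Largest number of events that fall inside any window of window_seconds."""
    timestamps = sorted(timestamps)
    best = start = 0
    for end, ts in enumerate(timestamps):
        while (ts - timestamps[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_bursts(log_text, threshold=THRESHOLD, window_seconds=WINDOW_SECONDS):
    """Map client IP -> peak burst size, for IPs whose peak reaches the threshold."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and is_verify_request(event):
            per_ip[event["client_ip"]].append(event["ts"])
    return {ip: n for ip, ts in per_ip.items() if (n := max_burst(ts, window_seconds)) >= threshold}


if __name__ == "__main__":
    for ip, count in find_bursts(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {count} OTP verification requests within {WINDOW_SECONDS}s")
```

On the constructed sample only `198.51.100.23` is reported (six requests in five seconds); the single legitimate verification from `203.0.113.9` stays below the threshold. Tune `THRESHOLD` and `WINDOW_SECONDS` to your traffic, and treat a hit as a prompt to check the plugin version and the users whose phone numbers were targeted.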