Critical severity9.8NVD Advisory· Published Jan 17, 2026· Updated Apr 15, 2026

CVE-2025-10484

Description

The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not properly verifying a users identity prior to authenticating them via the fma_lwp_set_session_php_fun() function. This makes it possible for unauthenticated attackers to authenticate as any user on the site, including administrators, without a valid password.

Affected products

WordPress/Registration Login With Mobile Phone Numberinferred
Range: <=1.3.1
Package: https://wordpress.org/plugins/registration-login-with-mobile-phone-number

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

woocommerce.com/products/registration-login-with-mobile-phone-number/nvd
www.wordfence.com/threat-intel/vulnerabilities/id/6aef6fbb-be8c-49e1-ada5-7b4aa8b2ff72nvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000