What the vulnerability does
01Description
Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registration & Login with Mobile Phone Number for WooCommerce: from n/a through <= 1.3.1.
Explanation of Vulnerability in Simple Terms
02Summary
The Registration & Login with Mobile Phone Number for WooCommerce plugin through version 1.3.1 lacks proper authorization checks, allowing unauthenticated attackers to access sensitive functionality without restrictions. An attacker can exploit this over the network without any special conditions or user interaction. This affects all installations of the plugin up to and including version 1.3.1.
What an attacker can do
03Attacker Capabilities
Access and modify sensitive plugin functionality without authentication or authorization.
Potential impact on your site
04Site Impact
Attackers can read, modify, or delete user data and WooCommerce settings without logging in.
Conditions required to exploit
05Prerequisites
Network access only; no authentication, special conditions, or user interaction required.
Key dates
06Disclosure timeline
January 22, 2026
CVE published
April 28, 2026
Record updated