CVE-2025-10484

CRITICAL 9.8

Registration & Login with Mobile Phone Number for WooCommerce <= 1.3.1 - Authentication Bypass

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not properly verifying a users identity prior to authenticating them via the fma_lwp_set_session_php_fun() function. This makes it possible for unauthenticated attackers to authenticate as any user on the site, including administrators, without a valid password.

CWE	CWE-288
Vendor	fmeaddons
Product	registration & login with mobile phone number for woocommerce
Published	Jan 17, 2026
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for fmeaddons registration & login with mobile phone number for woocommerce

Be the first to know when new critical vulnerabilities affecting fmeaddons registration & login with mobile phone number for woocommerce are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

FmeAddons / Registration & Login with Mobile Phone Number for WooCommerce

0 ≤ 1.3.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/6aef6fbb-be8c-49e1-ada5-7b4aa8b2ff72?source=cve woocommerce.com: https://woocommerce.com/products/registration-login-with-mobile-phone-number/

Credits

Vahan Petrosyan