CVE-2025-7692
WordPress · WordPress Orion Login with SMS plugin
Executive summary
A high-severity vulnerability has been identified in the Orion Login with SMS plugin for WordPress, which could allow an unauthenticated attacker to bypass login procedures and gain unauthorized access to user accounts. Successful exploitation could lead to a complete compromise of the affected WordPress site, including administrative accounts, resulting in data theft, website defacement, or further malicious activity. Organizations using this plugin are urged to take immediate action to mitigate this critical risk.
Vulnerability
The Orion Login with SMS plugin is vulnerable to an authentication bypass flaw. An attacker can exploit this weakness by manipulating the SMS verification process during login. This likely involves bypassing the One-Time Password (OTP) validation check, allowing the attacker to successfully authenticate as any user on the WordPress site without needing valid credentials, provided they know the target user's username or associated phone number.
Business impact
This vulnerability is rated as High severity with a CVSS score of 8.1. A successful exploit could have a severe impact on the business. An attacker gaining administrative access could lead to a complete site takeover, resulting in the theft of sensitive customer data (PII), intellectual property, or payment information. Further consequences include reputational damage, financial loss from business disruption, and potential regulatory fines for data breaches. The compromised website could also be used to host malware or launch phishing attacks against customers and visitors.
Remediation
Immediate Action:
- Update Plugin: Immediately update the "Orion Login with SMS" plugin to the latest patched version (greater than 1.0) as recommended by the vendor.
- Review and Remove: If the plugin is not essential for business operations, the recommended course of action is to deactivate and uninstall it completely to eliminate the attack surface.
- Audit Users: After patching, perform a full audit of all user accounts, especially administrative ones, to ensure no unauthorized accounts have been created or permissions escalated.
Proactive Monitoring:
- Review web server and WordPress audit logs for suspicious login activity, particularly multiple failed login attempts followed by a success from the same IP address targeting the SMS login feature.
- Monitor for the creation of new user accounts with high privileges or unexpected changes to existing user roles.
- Implement file integrity monitoring to detect unauthorized changes to core WordPress files, themes, or plugins.
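As an added illustration of the log review suggested above (this script is not part of the advisory and is not the plugin vendor's code), the following Python detects one IP address making several rejected requests to the SMS login flow and then succeeding. The path marker, the HTTP status codes treated as rejection and success, and the log lines are all assumptions or constructed samples; adjust them to the plugin's real endpoint and your server's behaviour.

```python
import re
from collections import defaultdict

# Assumptions: the advisory names no endpoints or response codes, so these are placeholders.
SMS_LOGIN_MARKER = "orion-login-sms"   # hypothetical path fragment of the SMS login flow
FAIL_STATUSES = {401, 403}             # treated as a rejected OTP attempt
SUCCESS_STATUSES = {200, 302}          # treated as an accepted login

# Apache/nginx "combined" access-log format: ip ident user [ts] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Return (ip, ts, path, status), or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], m["ts"], m["path"], int(m["status"])

def find_bypass_candidates(lines, min_failures=3):
    """Flag IPs with >= min_failures rejected SMS-login attempts immediately
    followed by an accepted login. Returns {ip: (failure_count, success_ts)}."""
    streak = defaultdict(int)  # consecutive rejected SMS-login attempts per IP
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path, status = parsed
        if SMS_LOGIN_MARKER not in path:
            continue  # unrelated request; the streak is neither extended nor reset
        if status in FAIL_STATUSES:
            streak[ip] += 1
        elif status in SUCCESS_STATUSES:
            if streak[ip] >= min_failures:
                alerts[ip] = (streak[ip], ts)
            streak[ip] = 0
    return alerts

# Constructed sample lines (not real traffic); the SMS action name is hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2025:09:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=orion-login-sms HTTP/1.1" 403 120',
    '203.0.113.7 - - [10/Jul/2025:09:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=orion-login-sms HTTP/1.1" 403 120',
    '203.0.113.7 - - [10/Jul/2025:09:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=orion-login-sms HTTP/1.1" 403 120',
    '203.0.113.7 - - [10/Jul/2025:09:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=orion-login-sms HTTP/1.1" 302 0',
    '198.51.100.22 - - [10/Jul/2025:09:01:00 +0000] "POST /wp-admin/admin-ajax.php?action=orion-login-sms HTTP/1.1" 403 120',
    '198.51.100.22 - - [10/Jul/2025:09:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=orion-login-sms HTTP/1.1" 302 0',
    '198.51.100.22 - - [10/Jul/2025:09:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4096',
]
```

Running `find_bypass_candidates(SAMPLE_LOG)` flags only 203.0.113.7 (three rejections, then a success); the single rejection from 198.51.100.22 stays below the default threshold. Tune `min_failures` to your site's normal OTP retry rate to keep false positives down.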
Compensating Controls:
- If immediate patching is not feasible, temporarily disable the "Orion Login with SMS" plugin to remove the vulnerable entry point.
- Deploy a Web Application Firewall (WAF) with rules specifically designed to block malicious requests targeting the plugin's known vulnerable endpoints.
- Enforce a strict IP allow-list for accessing the WordPress administrative dashboard (/wp-admin/).
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the high severity (CVSS 8.1) of this authentication bypass vulnerability, immediate remediation is strongly recommended. A successful attack would grant an adversary complete control over the affected website. Although this CVE is not currently listed on the CISA KEV catalog, its impact is significant. Organizations must prioritize applying the vendor-supplied patch or disabling the vulnerable plugin without delay to prevent potential compromise.