CVE-2022-0593: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2022-0593 affects the WordPress plugin 'Login with phone number' versions prior to 1.3.7. This security flaw was discovered and publicly disclosed on February 16, 2022. The vulnerability allows unauthenticated users to remotely delete plugin files, potentially leading to a Denial of Service situation (WPScan).

The vulnerability exists due to a file named 'delete.php' being included in the plugin directory without any authentication or authorization checks. This implementation flaw is classified as a File Deletion vulnerability and falls under the OWASP Top 10 category A6: Security Misconfiguration. The vulnerability has been assigned a CVSS score of 5.3 (medium) and is associated with CWE-73 (WPScan).

When exploited, this vulnerability allows an unauthenticated attacker to remotely delete the plugin files from the WordPress installation. This can result in a Denial of Service condition by disabling the plugin's functionality on the affected website (WPScan).

The vulnerability has been fixed in version 1.3.7 of the Login with phone number plugin. Website administrators should update to this version or later to protect against this security issue. The fix includes removing the delete.php file and adding proper security checks (WPScan).