Login with Phone Number, versions < 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php’ file in the ‘lwp_forgot_password()’ function.
View the template here CVE-2023-23492.yaml
References:
https://github.com/ARPSyndicate/cvemon