Lucene search
PatchstackCVELIST:CVE-2022-44587HistoryJun 21, 2024 - 3:54 p.m.
CVE-2022-44587 WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability
2024-06-2115:54:52
CWE-532
Patchstack
www.cve.org
3
wordpress
2fa
sensitive data
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
37.3%
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-2fa",
"product": "WP 2FA",
"versions": [
{
"changes": [
{
"at": "2.6.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-44587
2024-06-21 16:15:10
vulnrichment
vulnrichment
nvd
nvd
CVE-2022-44587
2024-06-21 16:15:10
wordfence
wordfence
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
37.3%
Related for CVELIST:CVE-2022-44587