Lucene search

K
patchstackMaycon VitaliPATCHSTACK:BC218A321A8FFA7313B2669576E69746
HistoryApr 29, 2022 - 12:00 a.m.

WordPress WP 2FA plugin <= 2.1.0 - Arbitrary 2FA Disabling via Insecure Direct Object References (IDOR) vulnerability

2022-04-2900:00:00
Maycon Vitali
patchstack.com
5

Arbitrary 2FA Disabling via Insecure Direct Object References (IDOR) vulnerability discovered by Maycon Vitali in WordPress WP 2FA plugin (versions <= 2.1.0).

Solution

           Update the WordPress WP 2FA plugin to the latest available version (at least 2.2.0).
CPENameOperatorVersion
wp 2fale2.1.0