Lucene search
PRIOn knowledge basePRION:CVE-2022-0992HistoryApr 19, 2022 - 9:15 p.m.
Authentication flaw
2022-04-1921:15:00
PRIOn knowledge base
www.prio-n.com
2
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5.
| CPE | Name | Operator | Version |
|---|---|---|---|
| security_optimizer | lt | 1.2.6 |
Related
cvelist
cvelist
CVE-2022-0992
2022-04-19 20:26:33
nvd
nvd
CVE-2022-0992
2022-04-19 21:15:13
patchstack
patchstack
wpvulndb
wpvulndb
cve
cve
CVE-2022-0992
2022-04-19 21:15:13
zdt
zdt
WordPress SiteGround Security 1.2.5 Authentication Bypass Vulnerability
2022-04-08 00:00:00
packetstorm
packetstorm
WordPress SiteGround Security 1.2.5 Authentication Bypass
2022-04-08 00:00:00
wordfence
wordfence