Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter.
6AI Score
0.003EPSS
SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
8.8AI Score
0.002EPSS
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits.
9.8CVSS
9.3AI Score
0.001EPSS