2 matches found
CVE-2018-20231
Cross Site Request Forgery CSRF in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfaenabletfa parameter due to missing nonce validation...
CVE-2018-20231
CVE-2018-20231 affects the WordPress Two Factor Authentication plugin (pre-1.3.13). The vulnerability is a CSRF flaw that allows remote attackers to disable 2FA by triggering tfa_enable_tfa due to missing nonce validation. Impact is partial to high: it can disable two-factor protection, leaving a...