Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.8 views

CVE-2023-6506

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

4.3CVSS6.9AI score0.0047EPSS
Exploits0References1
Circl
Circl
added 2024/01/11 8:31 a.m.6 views

CVE-2023-6506

creationtimestamp| type| source ---|---|--- 2024-01-11 08:31:29+00:00| seen| https://t.me/ctinow/166355 2024-01-23 14:56:41+00:00| seen| https://t.me/ctinow/172004...

4.3CVSS6.2AI score0.0047EPSS
Exploits0References2
NVD
NVD
added 2024/01/11 7:15 a.m.30 views

CVE-2023-6506

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

4.3CVSS4.6AI score0.0047EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/11 6:49 a.m.5 views

CVE-2023-6506 WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

4.3CVSS6.8AI score0.0047EPSS
Exploits0References3
CVE
CVE
added 2024/01/11 6:49 a.m.91 views

CVE-2023-6506

The CVE-2023-6506 entry concerns the WP 2FA – Two-factor authentication for WordPress plugin. Affected: WP 2FA, versions up to and including 2.5.0. Issue: insecure direct object reference (IDOR) via send_backup_codes_email caused by missing validation on a user-controlled key, enabling subscriber...

4.3CVSS5AI score0.0047EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/01/03 12:0 a.m.16 views

WordPress WP 2FA Plugin <= 2.5.0 is vulnerable to Insecure Direct Object References (IDOR)

Software WP 2FA Type Plugin Vulnerable versions = 2.5.0 Fixed in 2.6.0 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-6506 Patch priority Low CVSS severity Low 4.3 Developer Melapress PSID 04c088b10b91 Credits Ulyses Saicha Required...

4.3CVSS6.5AI score0.0047EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder