3 matches found
CVE-2024-9687
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validatetg' action. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-9687 WP 2FA with Telegram <= 3.0 - Authenticated (Subscriber+) Authentication Bypass
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validatetg' action. This makes it possible for authenticated attackers, with subscriber-level...
WordPress WP 2FA with Telegram Plugin <= 3.0 is vulnerable to Broken Authentication
Software WP 2FA with Telegram Type Plugin Vulnerable versions = 3.0 Fixed in 3.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9687 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID c6f09889bfbf Credits István...