2 matches found
CVE-2024-10285 CE21 Suite <= 2.2.0 - JWT Token Disclosure
The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token...
GHSA-8WJ3-CPMR-8WHP Cockpit Content Platform vulnerable to 2FA bypass
Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication 2FA bypass. The 2FA secret is disclosed in a JWT token after user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...