EUVD-2022-24825

Malicious code in bioql PyPI...

EUVD-2024-30370

Malicious code in bioql PyPI...

EUVD-2022-47525

Malicious code in bioql PyPI...

EUVD-2022-47533

Malicious code in bioql PyPI...

CVE-2023-6506

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the sendbackupcodesemail due to missing validation on a user controlled key. This makes it possible for subscriber-level...

CVE-2022-44595

Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0...

CVE-2022-44587

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3...

CVE-2022-2891

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...

CVE-2024-32568

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP 2FA wp-2fa.This issue affects WP 2FA: from n/a through = 2.6.2...

WordPress WP 2FA with Telegram Plugin <= 3.0 is vulnerable to Broken Authentication

Software WP 2FA with Telegram Type Plugin Vulnerable versions = 3.0 Fixed in 3.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9687 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID c6f09889bfbf Credits István...

CVE-2022-44587

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3...

CVE-2022-44587

Technical details about CVE-2022-44587 (WP 2FA) are not provided in the connected documents. Monitor for updates from vendors/security advisories; current entries indicate log-file exposure but lack specifics on affected versions, fixes, or exploitation.

CVE-2022-44587 WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3...

WordPress WP 2FA Plugin <= 2.6.3 is vulnerable to Sensitive Data Exposure

Software WP 2FA Type Plugin Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2022-44587 Patch priority Low CVSS severity Low 5.3 Developer Melapress PSID b28422640e7b Credits Snicco Required privilege Unauthenticate...

CVE-2024-32568

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP 2FA wp-2fa.This issue affects WP 2FA: from n/a through = 2.6.2...

CVE-2024-32568

The CVE-2024-32568 entry concerns Melapress WP 2FA with a Reflected XSS due to improper input neutralization in web page generation. Affected versions are from n/a through 2.6.2. The provided documents do not specify a vendor, product build, or a confirmed patch/mitigation. No exploit details or ...

CVE-2024-32568 WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP 2FA wp-2fa.This issue affects WP 2FA: from n/a through = 2.6.2...

CVE-2024-32568 WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP 2FA allows Reflected XSS.This issue affects WP 2FA: from n/a through 2.6.2...

PT-2024-24689 · Melapress · Melapress Wp 2Fa

Name of the Vulnerable Software and Affected Versions: Melapress WP 2FA versions n/a through 2.6.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inje...

WordPress WP 2FA Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)

Software WP 2FA Type Plugin Vulnerable versions = 2.6.2 Fixed in 2.6.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32568 Patch priority Medium CVSS severity Medium 7.1 Developer Melapress PSID d4b67294d441 Credits Rafie Muhammad Patchstack Required privilege...