2 matches found
CVE-2024-9820
CVE-2024-9820 affects the WP 2FA with Telegram WordPress plugin. Versions up to and including 3.0 store the two‑factor code in a cookie, enabling an authentication bypass for two‑factor authentication. The issue was reported with root cause a cookie‑based bypass vector and affects the WP 2FA with...
CVE-2024-9687
The CVE-2024-9687 vulnerability affects WP 2FA with Telegram for WordPress in versions up to 3.0. Root cause: insufficient validation of the user-controlled key on the validate_tg action, enabling authentication bypass for authenticated users with subscriber-level permissions and above to log in ...