Wp 2fa Security Vulnerabilities and Issues — Wp 2fa CVE List

Lucene search

MelapressWp 2fa

5 matches found

CVE•added 2024/01/11 7:15 a.m.•66 views

CVE-2023-6520

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated...

4.3CVSS4.8AI score0.00195EPSS

CVE•added 2024/03/21 5:15 p.m.•58 views

CVE-2022-44595

Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0.

5.3CVSS5.4AI score0.00124EPSS

CVE•added 2024/06/21 4:15 p.m.•48 views

CVE-2022-44587

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.

7.5CVSS6.4AI score0.00307EPSS

CVE•added 2024/04/18 10:15 a.m.•46 views

CVE-2024-32568

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA allows Reflected XSS.This issue affects WP 2FA: from n/a through 2.6.2.

7.1CVSS6.8AI score0.0083EPSS

CVE•added 2022/10/10 9:15 p.m.•42 views

CVE-2022-2891

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.

5.9CVSS5.6AI score0.00419EPSS