2 matches found
CVE-2015-9355
CVE-2015-9355 affects the WordPress Two Factor Authentication plugin prior to version 1.1.10 and is a stored/reflected XSS vulnerability in the admin area. The vulnerability impacts the plugin’s admin UI, enabling client-side code execution. Public references (NVD, RH, CNVD, CVE lists) consistent...
CVE-2018-20231
CVE-2018-20231 affects the WordPress Two Factor Authentication plugin (pre-1.3.13). The vulnerability is a CSRF flaw that allows remote attackers to disable 2FA by triggering tfa_enable_tfa due to missing nonce validation. Impact is partial to high: it can disable two-factor protection, leaving a...