wagtail-2fa is vulnerable 2fa bypass. An attacker with knowledge of another user’s Wagtail login credentials is able to bypass the 2FA verification by modifying the URL, and subsequently add a new device and gain full access to the CMS.
CPE | Name | Operator | Version |
---|---|---|---|
wagtail-2fa | le | 1.2.0 |