Lucene search

K
wpexploitJoost GrunwaldWPEX-ID:A03243EA-FEE7-46E4-8037-A228AFC5297A
HistoryNov 24, 2023 - 12:00 a.m.

Theme My Login 2FA < 1.2 - Lack of Rate Limiting

2023-11-2400:00:00
Joost Grunwald
23
theme my login
2fa
rate limiting
security vulnerability
exploit

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.5%

Description The plugin does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn’t be too long, as the 2FA codes are 6 digits.

https://packetstormsecurity.com/2309-exploits/wpmylogin-bruteforce.txt

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.5%

Related for WPEX-ID:A03243EA-FEE7-46E4-8037-A228AFC5297A