cbcvebase.

Melapress Wp 2Fa vulnerabilities

4 known vulnerabilities affecting melapress/wp_2fa.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2024-32568P2MEDIUMCVSS 6.1Exploitedfixed in 2.6.3≤ 2.6.22024-04-18
CVE-2024-32568 [MEDIUM] CWE-79 CVE-2024-32568: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA wp-2fa.This issue affects WP 2FA: from n/a through <= 2.6.2.
nvd
CVE-2022-44587P3HIGHCVSS 7.5fixed in 2.6.4≥ n/a, ≤ 2.6.32024-06-21
CVE-2022-44587 [HIGH] CWE-532 CVE-2022-44587: Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functional Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.
nvd
CVE-2022-44595P4MEDIUMCVSS 5.3≤ 2.2.0≥ n/a, ≤ 2.2.02024-03-21
CVE-2022-44595 [MEDIUM] CWE-287 CVE-2022-44595: Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue af Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0.
nvd
CVE-2023-6520P4MEDIUMCVSS 4.3fixed in 2.6.02024-01-11
CVE-2023-6520 [MEDIUM] CWE-352 CVE-2023-6520: The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Sit The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to re
nvd
Melapress Wp 2Fa vulnerabilities | cvebase