Melapress Wp 2Fa vulnerabilities
4 known vulnerabilities affecting melapress/wp_2fa.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-32568P2MEDIUMCVSS 6.1Exploitedfixed in 2.6.3≤ 2.6.22024-04-18
CVE-2024-32568 [MEDIUM] CWE-79 CVE-2024-32568: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA wp-2fa.This issue affects WP 2FA: from n/a through <= 2.6.2.
nvd
CVE-2022-44587P3HIGHCVSS 7.5fixed in 2.6.4≥ n/a, ≤ 2.6.32024-06-21
CVE-2022-44587 [HIGH] CWE-532 CVE-2022-44587: Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functional
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.
nvd
CVE-2022-44595P4MEDIUMCVSS 5.3≤ 2.2.0≥ n/a, ≤ 2.2.02024-03-21
CVE-2022-44595 [MEDIUM] CWE-287 CVE-2022-44595: Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue af
Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0.
nvd
CVE-2023-6520P4MEDIUMCVSS 4.3fixed in 2.6.02024-01-11
CVE-2023-6520 [MEDIUM] CWE-352 CVE-2023-6520: The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Sit
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to re
nvd