Описание
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site.
Ссылки
- Third Party Advisory
- Patch
- ProductThird Party Advisory
- Third Party Advisory
- Patch
- ProductThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.5.0 (включая)
cpe:2.3:a:wpwhitesecurity:wp_2fa:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 35%
0.00142
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-732
CWE-732
Связанные уязвимости
CVSS3: 4.3
github
около 2 лет назад
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site.
EPSS
Процентиль: 35%
0.00142
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-732
CWE-732