9.8
CVE-2022-0992
- EPSS 4.37%
- Veröffentlicht 19.04.2022 21:15:13
- Zuletzt bearbeitet 05.05.2025 17:17:33
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginSiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5.
Mögliche Gegenmaßnahme
Security Optimizer – The All-In-One Protection Plugin: Update to version 1.2.6, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Security Optimizer – The All-In-One Protection Plugin
Version
*-1.2.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siteground ≫ Security Optimizer SwPlatformwordpress Version < 1.2.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.37% | 0.883 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| security@wordfence.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.