9.8
CVE-2022-0993
- EPSS 3.27%
- Veröffentlicht 19.04.2022 21:15:13
- Zuletzt bearbeitet 08.04.2026 18:17:21
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginSiteGround Security <= 1.2.5 - Authorization Weakness to Authentication Bypass
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.
Mögliche Gegenmaßnahme
Security Optimizer – The All-In-One Protection Plugin: Update to version 1.2.6, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Security Optimizer – The All-In-One Protection Plugin
Version
*-1.2.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siteground ≫ Siteground Security SwPlatformwordpress Version <= 1.2.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.27% | 0.864 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| security@wordfence.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.