9.8
CVE-2022-0993
- EPSS 3.27%
- Veröffentlicht 19.04.2022 21:15:13
- Zuletzt bearbeitet 21.11.2024 06:39:48
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginSiteGround Security <= 1.2.5 - Authorization Weakness to Authentication Bypass
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.
Mögliche Gegenmaßnahme
Security Optimizer – The All-In-One Protection Plugin: Update to version 1.2.6, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Security Optimizer – The All-In-One Protection Plugin
Version
*-1.2.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Siteground ≫ Siteground Security SwPlatformwordpress Version <= 1.2.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.27% | 0.864 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| security@wordfence.com | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.