7.5
CVE-2024-9820
- EPSS 0.07%
- Veröffentlicht 15.10.2024 02:15:03
- Zuletzt bearbeitet 19.10.2024 00:44:10
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginWP 2FA with Telegram <= 3.0 - Two-Factor Authentication Bypass
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication.
Mögliche Gegenmaßnahme
AuthPress: Update to version 3.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
AuthPress
Version
*-3.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dueclic ≫ Wp 2fa With Telegram SwPlatformwordpress Version < 3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.208 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| security@wordfence.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
CWE-565 Reliance on Cookies without Validation and Integrity Checking
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
CWE-784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
The product uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.