CVE-2022-44587
- EPSS 0.38%
- Published 21.06.2024 16:15:10
- Last modified 21.11.2024 07:28:10
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.
CVE-2024-32568
- EPSS 1.12%
- Published 18.04.2024 10:15:11
- Last modified 09.07.2025 14:56:18
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA allows Reflected XSS.This issue affects WP 2FA: from n/a through 2.6.2.
CVE-2022-44595
- EPSS 0.17%
- Published 21.03.2024 17:15:07
- Last modified 19.03.2025 10:16:58
Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0.
CVE-2023-6520
- EPSS 0.2%
- Published 11.01.2024 07:15:09
- Last modified 21.11.2024 08:44:01
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email fun...