CVEs (2)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Simbahosting 1Two Factor Authentication Nov 21, 2024 Aug 28, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area. |
1Simbahosting 1Two Factor Authentication Nov 21, 2024 Dec 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation. |