Wp 2fa

wp_2fa

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-6506 1Wpwhitesecurity 1Wp 2fa Apr 8, 2026 Jan 11, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing valid...Show more The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site.Show less
CVE-2022-2891 1Wpwhitesecurity 1Wp 2fa Nov 21, 2024 Oct 10, 2022 N/A· v4 5.9 MEDIUM· v3 N/A· v2 The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.
CVE-2022-1527 1Wpwhitesecurity 1Wp 2fa Nov 21, 2024 May 30, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting