CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6506 – WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending
https://notcve.org/view.php?id=CVE-2023-6506
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site. El complemento WP 2FA – Two-factor authentication for WordPress para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta la 2.5.0 incluida a través de send_backup_codes_email debido a la falta de validación en una clave controlada por el usuario. Esto hace posible que los atacantes a nivel de suscriptor envíen correos electrónicos a usuarios arbitrarios en el sitio. • https://plugins.trac.wordpress.org/browser/wp-2fa/trunk/includes/classes/Admin/class-setup-wizard.php?rev=2940688#L606 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3009922%40wp-2fa&new=3009922%40wp-2fa&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/caff9be6-4161-47a0-ba47-6c8fc0c4ab40?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2891 – WP 2FA < 2.3.0 - Time-Based Side-Channel Attack
https://notcve.org/view.php?id=CVE-2022-2891
The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. El plugin WP 2FA de WordPress versiones anteriores a 2.3.0, usa operadores de comparación que no mitigan los ataques basados en el tiempo, lo que podría ser abusado para filtrar información sobre los códigos de autenticación que son comparados The WP 2FA plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.2.1 due to the use of a linear-time comparison operator when comparing token hashes. This allows an attacker to gain information about authentication tokens by observing small time differences in server response times. This is a vulnerability that is generally not realistically exploitable over the internet due to other factors that will have a greater influence on response times. • https://wpscan.com/vulnerability/301b3dce-2584-46ec-92ed-1c0626522120 • CWE-203: Observable Discrepancy CWE-204: Observable Response Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1527 – WP 2FA < 2.2.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1527
The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting El plugin WP 2FA de WordPress versiones anteriores a 2.2.1, no sanea y escapa de un parámetro antes de devolverlo a una página de administración, conllevando a un ataque de tipo Cross-Site Scripting Reflejado The WP 2FA WordPress plugin before 2.2.1 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. • https://wpscan.com/vulnerability/0260d5c0-52a9-44ce-b7be-aff642056d16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •