CVE-2024-32568 – WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32568
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA allows Reflected XSS. This issue affects WP 2FA: from n/a through 2.6.2.

The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

• https://patchstack.com/database/vulnerability/wp-2fa/wordpress-wp-2fa-plugin-2-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-44595 – WordPress WP2FA plugin <= 2.2.0 - Broken Authentication vulnerability
https://notcve.org/view.php?id=CVE-2022-44595
Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass. This issue affects WP 2FA: from n/a through 2.2.0.

The WP 2FA plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the login_form_validate_2fa function in versions up to, and including, 2.2.0. This makes it possible for authenticated attackers to receive a 2fa login code even if the provider is not enabled for that user.

• https://patchstack.com/database/vulnerability/wp-2fa/wordpress-wp2fa-plugin-2-2-0-broken-authentication-vulnerability?_s_id=cve
• CWE-287: Improper Authentication
• CWE-862: Missing Authorization