The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.
References
Configurations
History
11 Jan 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
21 Jul 2023, 17:12
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
Information
Published : 2022-04-19 21:15
Updated : 2024-02-28 19:09
NVD link : CVE-2022-0993
Mitre link : CVE-2022-0993
CVE.ORG link : CVE-2022-0993
JSON object : View
Products Affected
siteground
- siteground_security
CWE
CWE-306
Missing Authentication for Critical Function