The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.
References
Configurations
History
21 Nov 2024, 06:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 8.1 |
References | () https://plugins.trac.wordpress.org/changeset/2706302 - Release Notes, Vendor Advisory | |
References | () https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/ - | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3a5566-eee5-4f71-9c93-e59abf913d04?source=cve - |
11 Jan 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
21 Jul 2023, 17:12
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
Information
Published : 2022-04-19 21:15
Updated : 2024-11-21 06:39
NVD link : CVE-2022-0993
Mitre link : CVE-2022-0993
CVE.ORG link : CVE-2022-0993
JSON object : View
Products Affected
siteground
- siteground_security
CWE
CWE-306
Missing Authentication for Critical Function