CVE-2022-44587

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.
Configurations

Configuration 1 (hide)

cpe:2.3:a:melapress:wp_2fa:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:28

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 5.3
References () https://patchstack.com/database/vulnerability/wp-2fa/wordpress-wp-2fa-plugin-2-6-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve - Third Party Advisory () https://patchstack.com/database/vulnerability/wp-2fa/wordpress-wp-2fa-plugin-2-6-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve - Third Party Advisory

24 Jun 2024, 19:12

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.3
v2 : unknown
v3 : 7.5
References () https://patchstack.com/database/vulnerability/wp-2fa/wordpress-wp-2fa-plugin-2-6-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve - () https://patchstack.com/database/vulnerability/wp-2fa/wordpress-wp-2fa-plugin-2-6-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve - Third Party Advisory
CPE cpe:2.3:a:melapress:wp_2fa:*:*:*:*:*:wordpress:*:*
Summary
  • (es) La vulnerabilidad de inserción de información confidencial en el archivo de registro en WP 2FA permite acceder a la funcionalidad no restringida adecuadamente por las ACL. Este problema afecta a WP 2FA: desde n/a hasta 2.6.3.
First Time Melapress wp 2fa
Melapress

21 Jun 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-21 16:15

Updated : 2024-11-21 07:28


NVD link : CVE-2022-44587

Mitre link : CVE-2022-44587

CVE.ORG link : CVE-2022-44587


JSON object : View

Products Affected

melapress

  • wp_2fa
CWE
CWE-532

Insertion of Sensitive Information into Log File