The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication.
References
Configurations
History
19 Oct 2024, 00:44
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-565 | |
First Time |
Dueclic
Dueclic wp 2fa With Telegram |
|
References | () https://plugins.trac.wordpress.org/browser/two-factor-login-telegram/tags/3.0/includes/class-wp-factor-telegram-plugin.php#L228 - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/ccd73030-7185-4302-b3fd-29cbbe716e3e?source=cve - Third Party Advisory | |
CPE | cpe:2.3:a:dueclic:wp_2fa_with_telegram:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
15 Oct 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Oct 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-15 02:15
Updated : 2024-10-19 00:44
NVD link : CVE-2024-9820
Mitre link : CVE-2024-9820
CVE.ORG link : CVE-2024-9820
JSON object : View
Products Affected
dueclic
- wp_2fa_with_telegram