Simbahosting - Two-factor-authentication CVE

Filtered by vendor Simbahosting Subscribe

Filtered by product Two-factor-authentication

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-20231	1 Simbahosting	1 Two-factor-authentication	2019-03-15	6.8 MEDIUM	8.8 HIGH
Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.

Vulnerabilities (CVE)