Labdigital Wagtail-2fa — known CVE vulnerabilities
Every CVE whose affected-product data names Labdigital Wagtail-2fa, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2019-16766 — CVSS 8.7 (high): When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass…
CVE-2020-5240 — CVSS 7.6 (high): In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. The…