Wpwhitesecurity Wp 2fa — known CVE vulnerabilities
Every CVE whose affected-product data names Wpwhitesecurity Wp 2fa, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-1527 — CVSS 6.1 (medium): The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a…
CVE-2022-2891 — CVSS 5.9 (medium): The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak…
CVE-2023-6506 — CVSS 4.3 (medium): The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all…