High severity8.1NVD Advisory· Published Apr 19, 2022· Updated Apr 8, 2026

CVE-2022-0993

Description

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.

Affected products

Siteground/Siteground Security
cpe:2.3:a:siteground:siteground_security:*:*:*:*:*:wordpress:*:*
Range: <=1.2.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/2706302nvdRelease NotesVendor Advisory
www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/nvd
www.wordfence.com/threat-intel/vulnerabilities/id/8e3a5566-eee5-4f71-9c93-e59abf913d04nvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000