VYPR

Wp 2fa

by Melapress

CVEs (5)

  • CVE-2024-32568HigApr 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA wp-2fa.This issue affects WP 2FA: from n/a through <= 2.6.2.

  • CVE-2025-12628MedNov 24, 2025
    risk 0.41cvss 6.3epss 0.00

    The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them

  • CVE-2022-44595MedMar 21, 2024
    risk 0.34cvss 5.3epss 0.00

    Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0.

  • CVE-2023-6520MedJan 11, 2024
    risk 0.28cvss 4.3epss 0.00

    The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it…

  • CVE-2022-44587Jun 21, 2024
    risk 0.00cvss epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.