VYPR

WP 2FA with Telegram

by WordPress

CVEs (2)

  • CVE-2024-9687HigOct 15, 2024
    risk 0.57cvss 8.8epss 0.00

    The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authenticated attackers, with…

  • CVE-2024-9820MedOct 15, 2024
    risk 0.42cvss 6.5epss 0.00

    The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication.