Calvin Alkan

**Name of the Vulnerable Software and Affected Versions** WPMU DEV Defender Security versions n/a through 3.3.2 **Description** The issue affects the storage of sensitive information, allowing access to screen temporary files that may contain sensitive data. This is a result of insecure storage practices within the Defender Security software. **Recommendations** For versions n/a through 3.3.2, update to a version later than 3.3.2 to secure your data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Melapress WP 2FA versions n/a through 2.2.0 **Description** The issue is related to an Improper Authentication vulnerability that allows Authentication Bypass in Melapress WP 2FA. **Recommendations** For Melapress WP 2FA versions n/a through 2.2.0, update to a version later than 2.2.0 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login versions n/a through 5.6.1 **Description** The issue is related to the exposure of sensitive information to an unauthorized actor. This affects the miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions n/a through 5.6.1, update to a version later than 5.6.1 to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** WP 2FA WordPress plugin versions prior to 2.3.0 **Description** The issue exists due to the use of comparison operators that do not mitigate time-based attacks, potentially allowing a remote attacker to leak information about authentication codes being compared. This could facilitate inter-site script attacks. **Recommendations** For WP 2FA WordPress plugin versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to authentication code comparison functions until a patch is available.