PT-2019-7314 · WordPress · Two-Factor-Authentication Plugin

Published

2019-08-28

Updated

2019-09-03

CVE-2015-9355

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions two-factor-authentication plugin versions prior to 1.1.10 for WordPress

Description The issue concerns a Cross-Site Scripting (XSS) flaw in the admin area of the two-factor-authentication plugin for WordPress. This type of flaw allows attackers to inject malicious scripts into websites, potentially leading to unauthorized access or control.

Recommendations For versions prior to 1.1.10, update the two-factor-authentication plugin to version 1.1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin area to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-9355

Affected Products

Two-Factor-Authentication Plugin

PT-2019-7314 · WordPress · Two-Factor-Authentication Plugin

CVE-2015-9355

Weakness Enumeration

Related Identifiers

Affected Products

References · 4