PT-2022-5018 · WordPress · Wp 2Fa

Calvin Alkan · Published 2022-09-14 · Updated 2023-08-02 · CVE-2022-2891

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions
WP 2FA WordPress plugin versions prior to 2.3.0

Description
The issue exists due to the use of comparison operators that do not mitigate time-based attacks, potentially allowing a remote attacker to leak information about authentication codes being compared. This could facilitate inter-site script attacks.

Recommendations
For WP 2FA WordPress plugin versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to authentication code comparison functions until a patch is available.
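
The weakness class described above, shown as an added PHP example that is not the WP 2FA plugin's code: a timing-sensitive comparison beside a constant-time one built on PHP's hash_equals(). The function names, the six-digit code format and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from the WP 2FA plugin.

// Timing-sensitive: a plain string comparison may return as soon as a byte
// differs, so the response time can depend on how much of the code matched.
function verify_code_insecure(string $expected, string $submitted): bool
{
    return $expected === $submitted;
}

// Constant-time: hash_equals() takes the same time for equal-length strings
// no matter where the first mismatching byte is.
function verify_code_constant_time(string $expected, $submitted): bool
{
    // Reject non-strings and anything that is not exactly six digits
    // (assumed code format) before the comparison runs.
    if (!is_string($submitted) || preg_match('/\A[0-9]{6}\z/', $submitted) !== 1) {
        return false;
    }
    // Known value first, user-supplied value second.
    return hash_equals($expected, $submitted);
}

// A list of backup codes: compare against every entry without returning
// early, so timing does not reveal which position (if any) matched.
function verify_backup_code(array $storedCodes, string $submitted): bool
{
    $matched = false;
    foreach ($storedCodes as $code) {
        // hash_equals() is the left operand, so it runs on every iteration.
        $matched = hash_equals((string) $code, $submitted) || $matched;
    }
    return $matched;
}

// Constructed sample values.
$expected = '493817';
$backups  = ['k3v9-x2pq', 'h7rt-m4zs', 'b1nd-w8cy'];

var_dump(verify_code_insecure($expected, '493810'));
var_dump(verify_code_constant_time($expected, '493810'));
var_dump(verify_code_constant_time($expected, '493817'));
var_dump(verify_code_constant_time($expected, ['493817']));
var_dump(verify_backup_code($backups, 'h7rt-m4zs'));
```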

Exploit

Fix

Information Disclosure

Side Channel Attack

Weakness Enumeration

Related Identifiers

BDU:2022-06231
CVE-2022-2891

Affected Products

Wp 2Fa