Approved changes feed: RSS · Atom

cpe:2.3:a:melapress:wp_2fa:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorMelapress (7b16c59f-5102-5265-b499-38ab78b79b40)
ProductWp 2Fa (622735e0-b7ab-58c0-9b17-94f64843579a)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-32568 vulnerable 2026-06-08 06:37:23.205488 WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA wp-2fa.This issue affects WP 2FA: from n/a through <= 2.6.2.
Published: 2024-04-18T09:49:39.787Z
Updated: 2026-04-28T16:09:37.752Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6520 vulnerable 2026-06-08 06:19:47.537868 WP 2FA – Two-factor authentication for WordPress <= 2.5.0 - Cross-Site Request Forgery
MEDIUM (4.3)
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to registered users via a forged request granted they can trick a site administrator or other registered user into performing an action such as clicking on a link. While a nonce check is present, it is only executed if a nonce is set. By omitting a nonce from the request, the check can be bypassed.
Published: 2024-01-11T06:49:30.129Z
Updated: 2026-04-08T16:34:47.066Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-44595 vulnerable 2026-06-08 05:49:35.689482 WordPress WP2FA plugin <= 2.2.0 - Broken Authentication vulnerability
MEDIUM (5.3)
Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0.
Published: 2024-03-21T17:12:32.657Z
Updated: 2026-04-28T16:07:51.646Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-44587 vulnerable 2026-06-08 05:49:35.677741 WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability
MEDIUM (5.3)
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.
Published: 2024-06-21T15:54:52.534Z
Updated: 2026-04-28T16:07:51.330Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.