Approved changes feed: RSS · Atom
cpe:2.3:a:melapress:wp_2fa:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Melapress (7b16c59f-5102-5265-b499-38ab78b79b40) |
|---|---|
| Product | Wp 2Fa (622735e0-b7ab-58c0-9b17-94f64843579a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-32568 |
vulnerable | 2026-06-08 06:37:23.205488 |
WordPress WP 2FA plugin <= 2.6.2 - Reflected Cross Site Scripting (XSS) vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Melapress WP 2FA wp-2fa.This issue affects WP 2FA: from n/a through <= 2.6.2.
Published: 2024-04-18T09:49:39.787Z
Updated: 2026-04-28T16:09:37.752Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-6520 |
vulnerable | 2026-06-08 06:19:47.537868 |
WP 2FA – Two-factor authentication for WordPress <= 2.5.0 - Cross-Site Request Forgery
MEDIUM (4.3)
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to registered users via a forged request granted they can trick a site administrator or other registered user into performing an action such as clicking on a link. While a nonce check is present, it is only executed if a nonce is set. By omitting a nonce from the request, the check can be bypassed.
Published: 2024-01-11T06:49:30.129Z
Updated: 2026-04-08T16:34:47.066Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-44595 |
vulnerable | 2026-06-08 05:49:35.689482 |
WordPress WP2FA plugin <= 2.2.0 - Broken Authentication vulnerability
MEDIUM (5.3)
Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0.
Published: 2024-03-21T17:12:32.657Z
Updated: 2026-04-28T16:07:51.646Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-44587 |
vulnerable | 2026-06-08 05:49:35.677741 |
WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability
MEDIUM (5.3)
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.
Published: 2024-06-21T15:54:52.534Z
Updated: 2026-04-28T16:07:51.330Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.