Simbahosting: >> Two-Factor-Authentication Security Vulnerabilities
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-08-28
Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-12-19