Simbahosting: >> Two-Factor-Authentication >> 1.1.14 Security Vulnerabilities
Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-12-19