Insertion of Sensitive Information into Log File vulnerability
CVE-2022-44587
7.5 HIGH
Summary
The WP 2FA Plugin has a vulnerability that permits sensitive information to be inserted into log files, leading to unauthorized access of functionality that is not properly constrained by Access Control Lists (ACLs). This flaw is present in versions from the initial release up to and including version 2.6.3. If exploited, this vulnerability can result in exposure of sensitive data, potentially compromising the integrity and security of the WordPress installation. It is crucial for users of WP 2FA to upgrade to the latest version to mitigate these risks.
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published