Authentication Bypass Vulnerability in Melapress WP 2FA
CVE-2022-44595

5.3MEDIUM

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
21 March 2024

What is CVE-2022-44595?

The Melapress WP 2FA plugin is affected by an improper authentication vulnerability, allowing attackers to bypass security mechanisms designed to protect user accounts. This flaw compromises the integrity of authentication processes, which can lead to unauthorized access to sensitive information. Users of WP 2FA versions up to 2.2.0 are particularly at risk, making it crucial to implement necessary updates and security measures to safeguard against exploitation.

Affected Version(s)

WP 2FA <= 2.2.0

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Calvin Alkan / Snicco (Patchstack Alliance)
.
The Cyber Security Vulnerability Database.