Authentication Bypass Vulnerability in Melapress WP 2FA
CVE-2022-44595

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: WP 2fa
Vendor: CVE Published:; 21 March 2024

What is CVE-2022-44595?

The Melapress WP 2FA plugin is affected by an improper authentication vulnerability, allowing attackers to bypass security mechanisms designed to protect user accounts. This flaw compromises the integrity of authentication processes, which can lead to unauthorized access to sensitive information. Users of WP 2FA versions up to 2.2.0 are particularly at risk, making it crucial to implement necessary updates and security measures to safeguard against exploitation.

Affected Version(s)

WP 2FA <= 2.2.0

References

https://patchstack.com/database/vulnerability/wp-2fa/word...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2024
Vulnerability Reserved
Nov 1, 2022

Credit

Calvin Alkan / Snicco (Patchstack Alliance)

WordPress

What is CVE-2022-44595?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit