Cross-site Scripting (XSS) Vulnerability in WP 2FA
CVE-2024-32568

7.1HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
18 April 2024

What is CVE-2024-32568?

The Melapress WP 2FA plugin is vulnerable to a Cross-site Scripting (XSS) flaw due to improper input neutralization during web page generation. This vulnerability can be exploited to execute arbitrary JavaScript in the user's browser. It affects versions from n/a up to and including 2.6.2, potentially allowing attackers to hijack sessions or manipulate user interactions through reflected XSS attacks.

Affected Version(s)

WP 2FA 0 <= 2.6.2

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.