Cross-site Scripting (XSS) Vulnerability in WP 2FA
CVE-2024-32568
7.1HIGH
What is CVE-2024-32568?
The Melapress WP 2FA plugin is vulnerable to a Cross-site Scripting (XSS) flaw due to improper input neutralization during web page generation. This vulnerability can be exploited to execute arbitrary JavaScript in the user's browser. It affects versions from n/a up to and including 2.6.2, potentially allowing attackers to hijack sessions or manipulate user interactions through reflected XSS attacks.
Affected Version(s)
WP 2FA 0 <= 2.6.2