Two-Factor Authentication Bypass in WP 2FA with Telegram Plugin
CVE-2024-9820
7.5HIGH
What is CVE-2024-9820?
The WP 2FA with Telegram plugin for WordPress contains a vulnerability that allows attackers to bypass Two-Factor Authentication (2FA). This issue arises from the insecure storage of the two-factor authentication code in cookies, rendering it accessible and exploitable. As a result, unauthorized access to user accounts may occur, compromising the security integrity of WordPress sites using this plugin.
Affected Version(s)
WP 2FA with Telegram * <= 3.0