CVE-2024-9820

CVSS V2 None CVSS V3 None

Description

The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication.

Overview

CVE ID
CVE-2024-9820

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-10-15T02:03:53.185Z

Last Modified Date
2024-10-15T02:03:53.185Z

Weakness Enumerations

CWE	URL
CWE-784	http://cwe.mitre.org/data/definitions/784.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/ccd73030-7185-4302-b3fd-29cbbe716e3e?source=cve
https://plugins.trac.wordpress.org/browser/two-factor-login-telegram/tags/3.0/includes/class-wp-factor-telegram-plugin.php#L228

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-9820
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9820

History

Created	Old Value	New Value	Data Type	Notes
2024-10-15 13:24:52				Added to TrackCVE