How severe is CVE-2024-9820?

CVE-2024-9820 has a CVSS v3 score of 6.5 (MEDIUM).

CVE-2024-9820

Name: wp_2fa_with_telegram
Author: dueclic

6.5MEDIUM

The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, whic

Publicado: 10/15/2024Atualizado: 10/19/2024

Descrição

The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication.

Análise IADesenvolvido por IA

Produtos Afetados

dueclicwp_2fa_with_telegram

Referências

https://plugins.trac.wordpress.org/browser/two-factor-login-telegram/tags/3.0/includes/class-wp-factor-telegram-plugin.php#L228
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/ccd73030-7185-4302-b3fd-29cbbe716e3e?source=cve
Third Party Advisory