MidnightBSD

Advisories for simbahosting

CVE-2015-9355 MEDIUM

The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
simbahosting two-factor-authentication *
CVE-2018-20231 MEDIUM

Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
simbahosting two-factor-authentication *