CVE-2024-9820
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-9820 is a vulnerability in the WP 2FA with Telegram plugin for WordPress, affecting versions up to and including 3.0. Because the two-factor code is stored in a cookie, an attacker can bypass two-factor authentication. The vulnerability has a medium severity rating, with an exploitability score of 2.8, indicating low attack complexity and no user interaction required. Organizations using the affected plugin are at risk of unauthorized access: exploitation can have a high integrity impact without compromising confidentiality or availability. To remediate this issue, users should upgrade the plugin to a version beyond 3.0 in which the vulnerability has been addressed. Further information is available in security advisories and the WordPress plugin repository.
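The design flaw named in the summary, shown next to a server-side alternative. This is an added example, not the plugin's code: the page does not show how the plugin builds or checks its cookie, so `weak_verify`, the `tg_code` cookie name, `ChallengeStore` and the TTL and attempt limits are all assumptions in a simplified Python model.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a challenge stays valid (assumed value)
MAX_ATTEMPTS = 5    # guesses allowed per challenge (assumed value)


def weak_verify(cookies, submitted):
    """Anti-pattern: the expected code travels in a cookie (hypothetical
    name), so the client supplies both sides of the comparison."""
    expected = cookies.get("tg_code", "")
    return hmac.compare_digest(expected.encode(), submitted.encode())


class ChallengeStore:
    """Hardened form: the expected code never leaves the server."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # challenge id -> [code hash, expiry, attempts left]

    def issue(self, user_id):
        code = f"{secrets.randbelow(10**6):06d}"  # delivered out-of-band only
        cid = secrets.token_urlsafe(32)           # opaque id, safe to put in a cookie
        digest = hashlib.sha256(f"{user_id}:{code}".encode()).digest()
        self._pending[cid] = [digest, self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return cid, code

    def verify(self, user_id, cid, submitted):
        entry = self._pending.get(cid)
        if entry is None:                         # unknown or forged id
            return False
        digest, expiry, attempts = entry
        if self._clock() > expiry or attempts <= 0:
            del self._pending[cid]                # expired or guess budget spent
            return False
        entry[2] = attempts - 1
        candidate = hashlib.sha256(f"{user_id}:{submitted}".encode()).digest()
        if hmac.compare_digest(digest, candidate):
            del self._pending[cid]                # single use
            return True
        return False
```

In a WordPress plugin the server-side record would typically live in a transient or user meta rather than an in-memory dict.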