CVE-2024-9820

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 15, 2024
CWE ID 784

Summary

CVE-2024-9820 identifies a vulnerability in the WP 2FA with Telegram plugin for WordPress, affecting versions up to and including 3.0, which allows an attacker to bypass two-factor authentication due to the two-factor code being stored in a cookie. This vulnerability has a medium severity rating, with an exploitability score of 2.8, indicating a low attack complexity and no user interaction required. Organizations using the affected plugin are at risk of unauthorized access, as it can lead to high integrity impact without compromising confidentiality or availability. To remediate this issue, it is recommended that users upgrade the plugin to a version beyond 3.0 where this vulnerability has been addressed. For further information, references are available through security advisories and the WordPress plugin repository.
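The weakness class behind this entry (CWE-784, a security decision that relies on a cookie), shown as an added illustration next to a server-side alternative; this is not the plugin's code. The cookie name `tg_2fa_code`, the function names and the in-memory `$store` are hypothetical, and the sample values are constructed.

```php
<?php
// Weak pattern: the expected code travels in a client-controlled cookie,
// so the value being checked is whatever the browser chooses to send.
function verify_from_cookie(array $cookies, string $submitted): bool {
    $expected = $cookies['tg_2fa_code'] ?? null;
    return is_string($expected) && hash_equals($expected, $submitted);
}

// Hardened pattern: only a hash of the code is kept, server-side, keyed by
// user, with an expiry and an attempt limit. $store stands in for real
// server-side storage (assumption for this example).
function issue_code(array &$store, int $userId, int $now): string {
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $store[$userId] = [
        'hash'     => hash('sha256', $code),
        'expires'  => $now + 300,
        'attempts' => 0,
    ];
    return $code; // delivered out of band, never sent to the browser
}

function verify_server_side(array &$store, int $userId, string $submitted, int $now): bool {
    $rec = $store[$userId] ?? null;
    if ($rec === null || $now > $rec['expires'] || $rec['attempts'] >= 5) {
        unset($store[$userId]); // expired or locked out: force a fresh code
        return false;
    }
    $store[$userId]['attempts']++;
    if (!hash_equals($rec['hash'], hash('sha256', $submitted))) {
        return false;
    }
    unset($store[$userId]); // single use
    return true;
}

// Constructed demo: the client supplies both the cookie and the submitted code.
$clientCookies = ['tg_2fa_code' => '000000'];
var_dump(verify_from_cookie($clientCookies, '000000'));

$store = [];
$now   = time();
$code  = issue_code($store, 42, $now);
var_dump(verify_server_side($store, 42, 'not-the-code', $now)); // wrong code
var_dump(verify_server_side($store, 42, $code, $now));          // correct code, first use
var_dump(verify_server_side($store, 42, $code, $now));          // same code replayed
```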
