ThreatPress

WordPress Vulnerabilities Database

WordPress Two Factor Authentication plugin <= 1.3.12 - Cross-Site Request Forgery (CSRF) vulnerability

Product
Two Factor Authentication
Description
A Cross-Site Request Forgery (CSRF) vulnerability was found by Martijn Korse in the WordPress Two Factor Authentication plugin (versions <= 1.3.12).
Solution
Update the WordPress Two Factor Authentication plugin to the latest available version (at least 1.3.13).
Classification
Type: Cross Site Request Forgery (CSRF)
OWASP Top 10: A8: Cross Site Request Forgery (CSRF)
References
Plugin changelog
CVE
Name: CVE-2018-20231
Versions
Affected In: <= 1.3.12
Fixed In: 1.3.13
Disclosure date
2019-01-08
Credits
Martijn Korse
Submitter
ThreatPress