CSRF Vulnerability in WordPress Two-Factor-Authentication Plugin Allows 2FA Disabling
CVE-2018-20231 · MEDIUM Severity
AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
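The missing check, shown as an added example of a nonce-protected settings handler built on WordPress core functions. This is not the plugin's code: every name prefixed `example_` is hypothetical, the `true`/`false` values are assumed, and only the `tfa_enable_tfa` parameter name comes from the advisory.

```php
<?php
// Added example, not the plugin's own code. All "example_" names are hypothetical.

// Render the settings form. wp_nonce_field() emits a hidden token bound to
// this action name, the current user and the current session.
function example_tfa_render_form() {
    $enabled = get_user_meta( get_current_user_id(), 'example_tfa_enabled', true );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_tfa_save">
        <?php wp_nonce_field( 'example_tfa_save', 'example_tfa_nonce' ); ?>
        <label><input type="radio" name="tfa_enable_tfa" value="true" <?php checked( '1' === $enabled ); ?>> Enabled</label>
        <label><input type="radio" name="tfa_enable_tfa" value="false" <?php checked( '1' !== $enabled ); ?>> Disabled</label>
        <button type="submit">Save</button>
    </form>
    <?php
}

// Handle the POST. admin_post_{action} only fires for logged-in users.
function example_tfa_handle_save() {
    // Nonce validation: the step the advisory reports as missing. A request
    // without a valid token for this action is rejected with a 403 before
    // any state changes, so a cross-site form post cannot alter the setting.
    check_admin_referer( 'example_tfa_save', 'example_tfa_nonce' );

    if ( ! isset( $_POST['tfa_enable_tfa'] ) ) {
        wp_die( 'Missing setting.', '', array( 'response' => 400 ) );
    }

    // Accept only the two expected values (assumed to be "true"/"false").
    $value = sanitize_text_field( wp_unslash( $_POST['tfa_enable_tfa'] ) );
    if ( ! in_array( $value, array( 'true', 'false' ), true ) ) {
        wp_die( 'Invalid setting.', '', array( 'response' => 400 ) );
    }

    // The change applies only to the authenticated user's own account.
    update_user_meta( get_current_user_id(), 'example_tfa_enabled', 'true' === $value ? '1' : '0' );

    $back = wp_get_referer();
    wp_safe_redirect( $back ? $back : admin_url() );
    exit;
}
add_action( 'admin_post_example_tfa_save', 'example_tfa_handle_save' );
```

When reviewing a plugin for this class of bug, look for state-changing handlers that read `$_POST` or `$_GET` without a preceding `check_admin_referer()`, `check_ajax_referer()` or `wp_verify_nonce()` call.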