CSRF Vulnerability in WordPress Two-Factor-Authentication Plugin Allows 2FA Disabling

CVE-2018-20231 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
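What "missing nonce validation" means for a settings handler like this one, as an added Python model that is not the plugin's code: the same constructed forged request is run against a handler that trusts the session alone and one that also requires a nonce bound to the user and action. The action name `tfa_save`, the value `"false"` for `tfa_enable_tfa`, the secret and the handler names are assumptions for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # stands in for the site's secret salt
TICK = 12 * 3600                     # assumed nonce validity window, seconds

def make_nonce(user, action, now=None):
    """Token bound to user, action and time window; needs the site secret."""
    tick = int((time.time() if now is None else now) // TICK)
    msg = f"{tick}|{action}|{user}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:20]

def nonce_ok(token, user, action, now=None):
    """Accept the current or previous window, compared in constant time."""
    now = time.time() if now is None else now
    return any(
        hmac.compare_digest(str(token).encode(),
                            make_nonce(user, action, now - age).encode())
        for age in (0, TICK))

def save_settings_unchecked(settings, session_user, post):
    """'Before' handler: the session cookie alone authorises the change."""
    if "tfa_enable_tfa" in post:
        settings[session_user] = post["tfa_enable_tfa"] == "true"  # assumed encoding
    return settings[session_user]

def save_settings_checked(settings, session_user, post):
    """'After' handler: also require a nonce a third-party page cannot know."""
    if not nonce_ok(post.get("_wpnonce", ""), session_user, "tfa_save"):
        return settings[session_user]  # rejected, state unchanged
    return save_settings_unchecked(settings, session_user, post)

# Constructed requests. The browser attaches the victim's session to both, so
# session_user is "alice" either way; only the site's own form carries the nonce.
FORGED = {"tfa_enable_tfa": "false"}
LEGIT = {"tfa_enable_tfa": "false", "_wpnonce": make_nonce("alice", "tfa_save")}

def demo():
    """Return the resulting 2FA state (True = still enabled) for each case."""
    return {
        "unchecked_forged": save_settings_unchecked({"alice": True}, "alice", FORGED),
        "checked_forged": save_settings_checked({"alice": True}, "alice", FORGED),
        "checked_legit": save_settings_checked({"alice": True}, "alice", LEGIT),
    }

if __name__ == "__main__":
    print(demo())
```

In a WordPress plugin the equivalent check is wp_nonce_field() in the settings form and check_admin_referer() or wp_verify_nonce() in the handler, before any state is changed.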
