Authentication Bypass Vulnerability in SiteGround Security Plugin for WordPress

Authentication Bypass Vulnerability in SiteGround Security Plugin for WordPress

CVE-2022-0993 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.

Learn more about our Wordpress Pen Testing.