CVEs-PoC/2018/CVE-2018-20231.md at bc4580b7799602bfe4618c8fe9ddff9c2dfdfc86

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-10 07:47:42 +02:00

Files

T

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.

POC

Reference

https://wpvulndb.com/vulnerabilities/9187
https://www.privacy-wise.com/two-factor-authentication-cross-site-request-forgery-csrf-vulnerability-cve-2018-20231/

Github

No PoCs found on GitHub currently.

789 B Raw Blame History

CVE-2018-20231

Description

POC

Reference

Github

789 B

Raw Blame History