WordPress Plugin Vulnerabilities
Theme My Login 2FA < 1.2 - Lack of Rate Limiting
Description
The plugin does not rate limit 2FA validation attempts, which may allow an attacker to brute-force the code. Trying all possibilities should not take long, as the 2FA codes are 6 digits.
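One way to implement the missing control, shown as an added example that is not code from the plugin or from this advisory: a per-account failure counter with a timed lockout around 2FA code validation. The class and function names, the limit of 5 failures, the 15-minute lockout and the in-memory store are assumptions chosen for illustration.

```python
import hmac
import time

CODE_SPACE = 10 ** 6        # 6-digit codes, as stated in the advisory
MAX_FAILURES = 5            # assumed policy value
LOCKOUT_SECONDS = 15 * 60   # assumed policy value


class TwoFactorAttemptLimiter:
    """Per-account failure counter with a timed lockout (in-memory store)."""

    def __init__(self, max_failures=MAX_FAILURES, lockout=LOCKOUT_SECONDS,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout = lockout
        self.clock = clock
        self._state = {}  # account -> (failure_count, locked_until)

    def verify(self, account, submitted, expected):
        """Return 'ok', 'invalid' or 'locked' for one validation attempt."""
        failures, locked_until = self._state.get(account, (0, 0.0))
        now = self.clock()
        if now < locked_until:
            # While locked, the code is not compared at all, so even a
            # correct guess gains nothing until the lockout expires.
            return "locked"
        # Constant-time comparison of the submitted and expected codes.
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            self._state.pop(account, None)  # success clears the counter
            return "ok"
        failures += 1
        if failures >= self.max_failures:
            # Budget exhausted: reset the counter and start the lockout.
            self._state[account] = (0, now + self.lockout)
        else:
            self._state[account] = (failures, 0.0)
        return "invalid"


def guess_success_bound(max_failures=MAX_FAILURES):
    """Upper bound on guessing a uniformly random code before lockout."""
    return max_failures / CODE_SPACE
```

The counter is keyed by the account being authenticated rather than by session or source address, since the client controls both of those. A real deployment would keep the state in persistent server-side storage so it survives across requests and processes.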
Proof of Concept
https://packetstormsecurity.com/2309-exploits/wpmylogin-bruteforce.txt
Affects Plugins
References
Classification
Type
AUTHBYPASS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Joost Grunwald
Submitter
Joost Grunwald
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-11-24 (about 5 months ago)
Added
2023-11-24 (about 5 months ago)
Last Updated
2023-11-24 (about 5 months ago)