WordPress Plugin Vulnerabilities

SiteGround Security < 1.2.6 - Authorization Weakness to Authentication Bypass via 2-FA Back-up Codes

Description

The method in which 2FA back-up code authentication is handled by the plugin makes it possible for attackers to log in if they are able to brute force a back-up code for a user or compromise it via other means such as SQL Injection.

Affects Plugins

Plugin icon
sg-security
Fixed in 1.2.6

References

CVE
CVE-2022-0993
URL
https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/

Miscellaneous

Original Researcher
Chloe Chamberland (Wordfence)
Verified
Yes
WPVDB ID
b8dbb1a7-2f25-474d-b2b3-17ceb0d61839

Timeline

Publicly Published
2022-04-07 (about 4 years ago)
Added
2022-04-07 (about 4 years ago)
Last Updated
2022-04-08 (about 4 years ago)

Other

Published
Title
Published
2016-02-04
Title
User Meta Manager <= 3.4.6 - Privilege Escalation
Published
2015-05-02
Title
Slideshow 2.2.8-2.2.21 - Option Value Disclosure
Published
2018-12-08
Title
CSS & JavaScript Toolbox <= 8.4.1 - Database backup Disclosure
Published
2019-09-21
Title
DELUCKS SEO <= 2.1.7 - Unauthenticated Options Update
Published
2022-03-25
Title
Safe SVG < 1.9.10 - SVG Sanitisation Bypass