← volver
CVE-2022-0993

SiteGround Security <= 1.2.5 - Authorization Weakness to Authentication Bypass

CVSS 8.1 HIGHEPSS 7.5%CWE-285
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
siteground · Security Optimizer – The All-In-One Protection Plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/changeset/2706302https://www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3a5566-eee5-4f71-9c93-e59abf913d04?source=cve