CVE-2024-10245 – Relais 2FA WordPress Authentication Bypass

CVE ID : CVE-2024-10245

Published : Nov. 12, 2024, 10:15 a.m. | 1 hour, 2 minutes ago

Description : The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the ‘rl_do_ajax’ function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-10245 – Relais 2FA WordPress Authentication Bypass