WordPress Broken Authentication vulnerabilities (5)
-
Total site takeover through broken 2FA authentication in combination with SQLi – (SiteGround Security <= 1.3.0)
An attacker can take over the entire site by logging in as any user with two-factor authentication enabled without knowing the user’s primary credentials. The only precondition is that any plugin, theme, or WordPress core has one of the endless read-only SQL-injection vulnerabilities.
-
Site takeover by stealing login tokens – (Magic Login Pro < 1.4.1)
The plugin stores login tokens as plain text in the “wp_usermeta” table, which is as dangerous as storing passwords in plaintext, since anybody with access to a login token can authenticate as the target user.
-
Broken authentication leads to total site takeover in combination with read-only SQLi – (WP 2FA <= 2.2.1)
An attacker can take over the entire site by logging in as any user with two-factor authentication enabled without knowing the user’s primary credentials. The only precondition is that any plugin, theme, or WordPress core has one of the endless read-only SQL-injection vulnerabilities.
-
2FA bypass by deleting a hidden input field – (WP 2FA <= 2.2.0)
The entire two-factor authentication can be bypassed by deleting a hidden input field in the 2FA form.
-
Broken encryption allows 2FA bypass – Two Factor Authentication (Updraft) <= 1.14.5
The Two Factor Authentication plugin by Updraft employs a broken encryption scheme that allows an attacker to permanently bypass all 2FA checks.