Vulnerabilities > CVE-2023-6272 - Improper Restriction of Excessive Authentication Attempts vulnerability in Thememylogin 2FA
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA codes are 6 digits.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |