WP-Safety
WF-352a0c8a-22a6-44d9-917c-5fb37569d143-all-in-one-wp-security-and-firewall

All In One WP Security & Firewall <= 4.1.2 - Captcha Bypass

mediumGuessable CAPTCHA
5.3
CVSS Score
5.3
CVSS Score
medium
Severity
4.1.3
Patched in
2732d
Time to patch

Description

The All In One WP Security & Firewall for WordPress is vulnerable to Captcha Bypass via multiple routes, allowing automated login attempts to proceed

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Low
Confidentiality
None
Integrity
None
Availability

Technical Details

Affected versions<=4.1.2
PublishedJuly 31, 2016
Last updatedJanuary 22, 2024
Affected pluginall-in-one-wp-security-and-firewall
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/352a0c8a-22a6-44d9-917c-5fb37569d143?source=api-prod

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.

Run free audit Browse CVE database