EPSS Percentile: 55.9%
wagtail-2fa is vulnerable to a 2FA bypass. An attacker who knows another user's Wagtail login credentials can bypass the 2FA verification by modifying the URL, and subsequently add a new device and gain full access to the CMS.
github.com/advisories/GHSA-89px-ww3j-g2mm
github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca
github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81
github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm