EPSS
Percentile
70.7%
The method in which 2FA back-up code authentication is handled by the plugin makes it possible for attackers to log in if they are able to brute force a back-up code for a user or compromise it via other means such as SQL Injection.
www.wordfence.com/blog/2022/04/critical-authentication-bypass-vulnerability-patched-in-siteground-security-plugin/