Description
WordPress Plugin Duo Two-Factor Authentication is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and gain unauthorized access to the affected application. The vulnerability exists only in multi-site deployments scenario with the plugin disabled globally and enabled on a site-by-site basis. WordPress Plugin Duo Two-Factor Authentication version 1.8.1 is vulnerable; prior versions are also affected.
Remediation
Update to plugin version 2.0 or latest
References
Related Vulnerabilities
WordPress Plugin Easy Forms for Mailchimp Cross-Site Scripting (5.0.6)
Oracle JRE CVE-2018-2599 Vulnerability (CVE-2018-2599)
WordPress Plugin Mimetic Books Cross-Site Scripting (0.2.13)
Python Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4944)
WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10)