Description
WordPress Plugin Google Authenticator-Per User Prompt is prone to a timing attack because of an implementation flaw in how the application validates the password for a user account. Exploiting this issue may allow attackers to brute-force an application password and gain access to the account. Version 0.6 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 0.7 or the latest version.
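The class of flaw described above, shown as an added PHP example that is not the plugin's code: an early-exit comparison does an amount of work that depends on how much of the supplied value is correct, while `hash_equals()` does not. The function names, the sample secret and the use of SHA-256 as the stored digest are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. All names and sample values are constructed.

/**
 * Early-exit comparison, equivalent in behaviour to a plain string compare.
 * Returns [result, bytes examined] so the data-dependent work is visible.
 */
function early_exit_equals(string $stored, string $supplied): array
{
    if (strlen($stored) !== strlen($supplied)) {
        return [false, 0];
    }
    for ($i = 0; $i < strlen($stored); $i++) {
        if ($stored[$i] !== $supplied[$i]) {
            return [false, $i + 1]; // stops at the first mismatch
        }
    }
    return [true, strlen($stored)];
}

/**
 * Hardened check: compare fixed-length digests with hash_equals(), whose
 * running time does not depend on where the two inputs differ.
 * SHA-256 stands in here for whatever digest the application stores.
 */
function constant_time_check(string $storedDigest, string $supplied): bool
{
    return hash_equals($storedDigest, hash('sha256', $supplied));
}

$stored  = 'abcd efgh ijkl mnop'; // constructed sample secret
$guesses = ['zzzz zzzz zzzz zzzz', 'abcd zzzz zzzz zzzz', 'abcd efgh ijkl mnop'];

// The early-exit version examines more bytes as the matching prefix grows.
foreach ($guesses as $guess) {
    [$ok, $examined] = early_exit_equals($stored, $guess);
    printf("early-exit:  %-20s match=%d bytes_examined=%d\n", $guess, $ok, $examined);
}

// The hardened version always compares two full 64-character digests.
$storedDigest = hash('sha256', $stored);
foreach ($guesses as $guess) {
    printf("hash_equals: %-20s match=%d\n", $guess, constant_time_check($storedDigest, $guess));
}
```

When reviewing authentication code, any `==`, `===` or `strcmp()` applied to a secret, token or password hash is a candidate for replacement with `hash_equals()` or `password_verify()`.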
References
https://hackerone.com/reports/277534
https://plugins.svn.wordpress.org/google-authenticator-per-user-prompt/trunk/readme.txt