cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forsg-security sg-security

Direction: ascending
Jun 07, 2024

Security Optimizer – The All-In-One WordPress Protection Plugin # CVE-2023-0234

CVE, Research URL

CVE-2023-0234

Home page URL

Security reports for Security Optimizer – The All-In-One WordPress Protection Plugin

Application

Security Optimizer – The All-In-One WordPress Protection Plugin

Date
Feb 07, 2023
Research Description
The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue.
Affected versions
Min -, max -.
Status
vulnerable

Security Optimizer – The All-In-One WordPress Protection Plugin # CVE-2022-0993

CVE, Research URL

CVE-2022-0993

Home page URL

Security reports for Security Optimizer – The All-In-One WordPress Protection Plugin

Application

Security Optimizer – The All-In-One WordPress Protection Plugin

Date
Apr 20, 2022
Research Description
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.
Affected versions
Min -, max -.
Status
vulnerable

Security Optimizer – The All-In-One WordPress Protection Plugin # CVE-2022-0992

CVE, Research URL

CVE-2022-0992

Home page URL

Security reports for Security Optimizer – The All-In-One WordPress Protection Plugin

Application

Security Optimizer – The All-In-One WordPress Protection Plugin

Date
Apr 20, 2022
Research Description
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5.
Affected versions
Min -, max -.
Status
vulnerable
Jul 22, 2024

Security Optimizer – The All-In-One WordPress Protection Plugin # CVE-2024-38774

CVE, Research URL

CVE-2024-38774

Home page URL

Security reports for Security Optimizer – The All-In-One WordPress Protection Plugin

Application

Security Optimizer – The All-In-One WordPress Protection Plugin

Date
Nov 01, 2024
Research Description
Missing Authorization vulnerability in SiteGround SiteGround Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteGround Security: from n/a through 1.5.0.
Affected versions
Min -, max -.
Status
vulnerable