cleantalk
Vulnerabilities and Security Researches

Security Optimizer – The All-In-One WordPress Protection Plugin, CVE-2022-0992

CVE, Research URL

CVE-2022-0992

Home page URL

Security reports for Security Optimizer – The All-In-One WordPress Protection Plugin

Application

Security Optimizer – The All-In-One WordPress Protection Plugin

Published on
Apr 20, 2022
Research Description
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending accounts. Upon successful configuration, the attacker is logged in as that user without access to a username/password pair which is the expected first form of authentication. This affects versions up to, and including, 1.2.5.
Affected versions
Min -, max 1.2.6.
Status
vulnerable
Previous vulnerability researches
Security Optimizer – The All-In-One WordPress Protection Plugin (CVE-2024-38774) , Jul 22, 2024
Security Optimizer – The All-In-One WordPress Protection Plugin (CVE-2023-0234) , Jun 07, 2024
Security Optimizer – The All-In-One WordPress Protection Plugin (CVE-2022-0993) , Jun 07, 2024
Security Optimizer – The All-In-One WordPress Protection Plugin (CVE-2022-0992) , Jun 07, 2024
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025