cleantalk
Vulnerabilities and Security Researches

Security Optimizer – The All-In-One WordPress Protection Plugin, CVE-2022-0993

CVE, Research URL

CVE-2022-0993

Home page URL

Security reports for Security Optimizer – The All-In-One WordPress Protection Plugin

Application

Security Optimizer – The All-In-One WordPress Protection Plugin

Published on
Apr 20, 2022
Research Description
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5.
Affected versions
Min -, max 1.2.6.
Status
vulnerable
Previous vulnerability researches
Security Optimizer – The All-In-One WordPress Protection Plugin (CVE-2024-38774) , Jul 22, 2024
Security Optimizer – The All-In-One WordPress Protection Plugin (CVE-2023-0234) , Jun 07, 2024
Security Optimizer – The All-In-One WordPress Protection Plugin (CVE-2022-0993) , Jun 07, 2024
Security Optimizer – The All-In-One WordPress Protection Plugin (CVE-2022-0992) , Jun 07, 2024
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025