EUVD-2025-34570

🗓️ 15 Oct 2025 08:25:50Reported by EUVDType

Keyy Two Factor Authentication for WordPress up to version 1.2.3 enables privilege escalation by forged tokens to log in as administrators with two factor enabled.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-10293	15 Oct 202511:36	–	circl
CNNVD	WordPress plugin Keyy Two Factor Authentication 授权问题漏洞	15 Oct 202500:00	–	cnnvd
CNVD	WordPress Keyy Two Factor Authentication plugin Privilege Escalation Vulnerability	21 Oct 202500:00	–	cnvd
CVE	CVE-2025-10293	15 Oct 202508:25	–	cve
Cvelist	CVE-2025-10293 Keyy Two Factor Authentication (like Clef) <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover	15 Oct 202508:25	–	cvelist
NVD	CVE-2025-10293	15 Oct 202509:15	–	nvd
Patchstack	WordPress Keyy Two Factor Authentication (like Clef) plugin <= 1.2.3 - Privilege Escalation vulnerability	15 Oct 202501:12	–	patchstack
RedhatCVE	CVE-2025-10293	16 Oct 202508:33	–	redhatcve
Vulnrichment	CVE-2025-10293 Keyy Two Factor Authentication (like Clef) <= 1.2.3 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover	15 Oct 202508:25	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (October 13, 2025 to October 19, 2025)	23 Oct 202515:44	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "0c9c71ff-01dd-300f-8551-b18453c288d4",
        "vendor": {
          "name": "nexist"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "90e43405-f4cf-3fc4-ae60-20154608ce57",
        "product": {
          "name": "Keyy Two Factor Authentication (like Clef)"
        },
        "product_version": "* ≤1.2.3"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/1850e6bd-04bc-4510-aba9-e51431363231
wordpress	www.wordpress.org/plugins/keyy/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-10293

15 Oct 2025 15:28Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.18.8

EPSS0.00075

SSVC