Arbitrary 2FA Disabling via Insecure Direct Object References (IDOR) vulnerability discovered by Maycon Vitali in WordPress WP 2FA plugin (versions <= 2.1.0).
Update the WordPress WP 2FA plugin to the latest available version (at least 2.2.0).