2 matches found
CVE-2026-8293
The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user's password to obtain a WordPress authentication session for that user without completing the email...
PT-2026-25056
Name of the Vulnerable Software and Affected Versions Tinyauth versions prior to 5.0.3 Description Tinyauth is an authentication and authorization server. The OIDC authorization endpoint allows users with a TOTP-pending session password verified, TOTP not yet completed to obtain authorization...