4 matches found
WordPress WP 2FA plugin <= 2.9.3 - 2-Factor Authentication Bypass vulnerability
2-Factor Authentication Bypass vulnerability discovered by Benjamin Nadarević in WordPress Plugin WP 2FA versions = 2.9.3...
CVE-2025-12628
The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...
CVE-2025-12628
creationtimestamp| type| source ---|---|--- 2025-11-24 13:23:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m6ewdhi3iw2b 2025-11-24 15:16:16+00:00| seen| https://gist.github.com/Darkcrai86/0942399b2da463ce374c007e9bc388bc...
CVE-2025-12628
CVE-2025-12628 concerns the WordPress plugin “WP 2FA” where backup codes are generated with insufficient entropy, enabling brute-force attempts to bypass the second factor. Affected software: WP 2FA (Two-factor authentication for WordPress) — versions up to 3.0.0 (per enrichment). Root cause: bac...