
6 matches found

RedhatCVE
added 2025/12/17 10:2 a.m., 4 views

CVE-2025-14002

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP (One-Time Password) generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...

CVSS: 8.1 | AI score: 6.5 | EPSS: 0.00441
Exploits: 0 | References: 1
NVD
added 2025/12/16 10:15 a.m., 2 views

CVE-2025-14002

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP (One-Time Password) generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...

CVSS: 8.1 | EPSS: 0.00441
Exploits: 0 | References: 4
CVE
added 2025/12/16 9:20 a.m., 13 views

CVE-2025-14002

CVE-2025-14002 — The WPCOM Member plugin for WordPress allows authentication bypass via brute force. Root cause: weak OTP generation (6 digits) with a 10-minute validity and no rate limiting on verification attempts. Impact: unauthenticated attackers can log in as any user (including admins) if t...

CVSS: 8.1 | AI score: 6.2 | EPSS: 0.00441
Exploits: 0 | References: 4
Cvelist
added 2025/12/16 9:20 a.m., 26 views

CVE-2025-14002 WPCOM Member <= 1.7.16 - Authentication Bypass via Weak OTP

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP (One-Time Password) generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...

CVSS: 8.1 | EPSS: 0.00441
Exploits: 0 | References: 4
EUVD
added 2025/12/16 9:20 a.m., 2 views

EUVD-2025-203621

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP (One-Time Password) generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verificatio...

CVSS: 8.1 | AI score: 6.1 | EPSS: 0.00441
Exploits: 0 | References: 5
Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51469

Name of the Vulnerable Software and Affected Versions: WPCOM Member plugin for WordPress versions prior to 1.7.17. Description: The software is susceptible to authentication bypass through brute-force attacks. This is caused by a weak One-Time Password (OTP) generation process, utilizing only six...

CVSS: 8.1 | AI score: 6.7 | EPSS: 0.00441
Exploits: 0 | References: 9