Lucene search
+L

7 matches found

Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-12988 WP 2FA < 3.1.1.2 - Account Takeover via 2FA Setup Email Binding

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and tak...

0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/25 1:10 p.m.19 views

CVE-2025-12628

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

6.3CVSS6.7AI score0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/24 3:30 p.m.7 views

EUVD-2025-198648

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

6.3CVSS6.2AI score0.00183EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 7:0 p.m.16 views

CVE-2022-44589

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor...

8.1CVSS7.3AI score0.007EPSS
Exploits0References1
OSV
OSV
added 2024/03/21 5:15 p.m.5 views

CVE-2022-44595

Improper Authentication vulnerability in Melapress WP 2FA allows Authentication Bypass.This issue affects WP 2FA: from n/a through 2.2.0...

5.3CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2023/12/29 10:15 a.m.6 views

CVE-2022-44589

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor...

7.5CVSS5.8AI score0.007EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.6 views

PT-2023-14512 · Miniorange · Miniorange'S Google Authenticator – Wordpress Two Factor Authentication – 2Fa

Name of the Vulnerable Software and Affected Versions: miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login versions n/a through 5.6.1 Description: The issue is related to the exposure of sensitive information to an...

8.1CVSS7.2AI score0.007EPSS
Exploits0References6
Rows per page
Query Builder