CVE-2025-12628 WP 2FA < 3.0.0 - Second Factor Bypass

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them...

CVE-2025-12628

CVE-2025-12628 concerns the WordPress plugin “WP 2FA” where backup codes are generated with insufficient entropy, enabling brute-force attempts to bypass the second factor. Affected software: WP 2FA (Two-factor authentication for WordPress) — versions up to 3.0.0 (per enrichment). Root cause: bac...