GHSA-758r-7wwh-v6r7HighCVSS 7.2

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate...

Published
July 1, 2026
Last Modified
July 1, 2026

🔗 CVE IDs covered (1)

📋 Description

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request.

🔗 References (3)