Filtered by vendor Ss88 Uk
Subscriptions
Filtered by product Two Factor (2fa) Authentication Via Email
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13587 | 2 Ss88 Uk, Wordpress | 2 Two Factor (2fa) Authentication Via Email, Wordpress | 2026-02-19 | 6.5 Medium |
| The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS88_2FAVE::wp_login() method only enforces the 2FA requirement if the 'token' HTTP GET parameter is undefined, which makes it possible to bypass two-factor authentication by supplying any value in the 'token' parameter during login, including an empty one. | ||||
Page 1 of 1.