Back to CVE List

CVE-2026-12988

Vulnerability Description

The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and take over the account.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
WP 2FA

External References

Discussion (0)

Add Comment

No comments yet. Be the first!