CVE-2026-12988
Vulnerability Description
The WP 2FA WordPress plugin before 3.1.1.2 does not verify that the email address supplied during two-factor authentication setup belongs to the user, allowing an attacker who has obtained a user's credentials to redirect the setup verification code to an attacker-controlled email address and take over the account.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
WP 2FA
Discussion (0)
Add Comment
No comments yet. Be the first!