WordPress Plugin Vulnerabilities
Login With OTP < 1.5 - Authentication Bypass via Weak OTP
Description
The plugin is vulnerable to authentication bypass due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they know the email address.
Affects Plugins
References
Classification
Type
AUTHBYPASS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
István Márton
Verified
No
WPVDB ID
Timeline
Publicly Published
2024-12-05 (about 1 year ago)
Added
2024-12-06 (about 1 year ago)
Last Updated
2025-07-15 (about 11 months ago)