WordPress Plugin Vulnerabilities

WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass

Description

The plugin does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request.

Proof of Concept

Affects Plugins

References

Classification

Miscellaneous

Original Researcher
Volodymyr Kolesnykov
Submitter
Volodymyr Kolesnykov
Submitter website
Verified
Yes

Timeline

Publicly Published
2026-06-10 (about 21 days ago)
Added
2026-06-10 (about 20 days ago)
Last Updated
2026-06-10 (about 20 days ago)

Other