Vulnerability in Webauthn Provider For Two Factor
CVE-2026-11883
The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requ…
Affected products
- Unknown Webauthn Provider For Two Factor — versions 0
References
- contact@wpscan.com (technical-description, exploit, vdb-entry)