Vulnerability in Webauthn Provider For Two Factor

CVE-2026-11883

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requ…

Affected products

  • Unknown Webauthn Provider For Two Factor — versions 0

References