Filtered by vendor Pickplugins
Subscriptions
Filtered by product User Verification By Pickplugins
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7458 | 2 Pickplugins, Wordpress | 2 User Verification By Pickplugins, Wordpress | 2026-05-04 | 9.8 Critical |
| The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting a "true" OTP value. | ||||
Page 1 of 1.