Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Two Factor (2FA) Authentication via Email

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2025-13587
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.36%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 04:36
Updated-19 Feb, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Two Factor (2FA) Authentication via Email <= 1.9.8 - Two-Factor Authentication Bypass via token

The Two Factor (2FA) Authentication via Email plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 1.9.8. This is because the SS88_2FAVE::wp_login() method only enforces the 2FA requirement if the 'token' HTTP GET parameter is undefined, which makes it possible to bypass two-factor authentication by supplying any value in the 'token' parameter during login, including an empty one.

Action-Not Available
Vendor-ss88_uk
Product-Two Factor (2FA) Authentication via Email
CWE ID-CWE-20
Improper Input Validation