๐Ÿ” CVE Alert

CVE-2026-11883

UNKNOWN 0.0

WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request.

Vendor unknown
Product webauthn provider for two factor
Published Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for unknown webauthn provider for two factor

Be the first to know when new unknown vulnerabilities affecting unknown webauthn provider for two factor are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / WebAuthn Provider for Two Factor
0 < 2.5.6

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/f718390c-1d7c-4048-bce6-a3170998e828/

Credits

Volodymyr Kolesnykov WPScan