CVE-2026-11883
WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request.
| Vendor | unknown |
| Product | webauthn provider for two factor |
| Published | Jul 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown webauthn provider for two factor
Be the first to know when new unknown vulnerabilities affecting unknown webauthn provider for two factor are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / WebAuthn Provider for Two Factor
0 < 2.5.6
References
Credits
Volodymyr Kolesnykov WPScan