CVE-2026-12492
Happy Coders OTP Login for WooCommerce < 2.8 - Unauthenticated Account Takeover via hcotp_auto_login_user
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allowing unauthenticated attackers to log in as any existing user, including administrators, as well as to create new accounts.
| Vendor | unknown |
| Product | happy coders otp login for woocommerce |
| Published | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown happy coders otp login for woocommerce
Be the first to know when new unknown vulnerabilities affecting unknown happy coders otp login for woocommerce are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Happy Coders OTP Login for WooCommerce
1.5 < 2.8
References
Credits
moonge WPScan