WordPress · WP 2FA · CVE-2025-12628
**Name of the Vulnerable Software and Affected Versions**
WP 2FA WordPress plugin versions prior to 3.0.0
**Description**
The WP 2FA WordPress plugin generates backup codes with insufficient entropy. This allows attackers to bypass two-factor authentication by brute-forcing the backup codes, potentially leading to account takeover.
**Recommendations**
Update to version 3.0.0 or later.