WordPress · Theme My Login 2FA · CVE-2023-6272
**Name of the Vulnerable Software and Affected Versions**
Theme My Login 2FA WordPress plugin versions prior to 1.2
**Description**
The plugin does not rate limit 2FA validation attempts. Because the 2FA codes are only 6 digits long, an attacker can brute-force all possible codes.
**Recommendations**
For versions prior to 1.2, update to version 1.2 or later to resolve the issue. As a temporary workaround, consider implementing custom rate limiting on 2FA validation attempts to minimize the risk of exploitation.
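
The temporary workaround above, sketched as an added example (not code from the plugin or the advisory): a per-account limiter that locks 2FA validation after repeated failures. The class and function names, the limit of 5 failures and the 900-second lockout are assumptions chosen for illustration.

```python
import hmac
import time

CODE_SPACE = 10 ** 6  # number of possible 6-digit codes


class TwoFactorAttemptLimiter:
    """Hypothetical per-account limiter for 2FA validation attempts."""

    def __init__(self, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        # account id -> (consecutive failures, locked-until time or None).
        # Keyed by account, not client IP, so rotating addresses does not reset it.
        self._state = {}

    def verify(self, account_id, submitted, expected):
        """Check one attempt; return 'ok', 'invalid' or 'locked'."""
        now = self.clock()
        failures, locked_until = self._state.get(account_id, (0, None))
        if locked_until is not None:
            if now < locked_until:
                # Refuse before comparing: a locked account gives no oracle.
                return "locked"
            failures = 0  # lockout expired, start a new window
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            self._state.pop(account_id, None)
            return "ok"
        failures += 1
        until = now + self.lockout_seconds if failures >= self.max_failures else None
        self._state[account_id] = (failures, until)
        return "invalid"


def guesses_evaluated(limiter, set_time, account_id, secret, duration_s):
    """Replay one sequential guess per second; count guesses actually compared."""
    evaluated = 0
    for second in range(duration_s):
        set_time(float(second))
        guess = f"{second % CODE_SPACE:06d}"
        if limiter.verify(account_id, guess, secret) != "locked":
            evaluated += 1
    return evaluated
```

With these assumed settings, a client guessing once per second for an hour gets only 20 of its 3,600 guesses compared against the real code. In a WordPress deployment the state would need to live in persistent storage keyed by user ID rather than in process memory.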