PT-2026-54499 · Undefined · Undefined

Volodymyr Kolesnykov

·

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-11883

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-11883

Affected Products

Undefined