cleantalk
Vulnerabilities and Security Researches

WP 2FA – Two-factor authentication for WordPress, CVE-2025-12628

CVE, Research URL

CVE-2025-12628

Home page URL

Security reports for WP 2FA – Two-factor authentication for WordPress

Application

WP 2FA – Two-factor authentication for WordPress

Published on
Nov 24, 2025
Research Description
The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them
Affected versions
max 3.0.0.
Status
vulnerable
Previous vulnerability researches
Arrow Maps – Custom Maps for WordPress (CVE-2025-28858) , Mar 28, 2025
New vulnerability
User Verification (CVE-2025-12374) , Dec 11, 2025
Webcake – Landing Page Builder (CVE-2025-12165) , Dec 11, 2025
WP Custom Admin Login Page Logo (CVE-2025-12132) , Dec 11, 2025
Hide Categories Or Products On Shop Page (CVE-2025-12128) , Dec 11, 2025
oik (CVE-2025-67549) , Dec 11, 2025