cleantalk
Vulnerabilities and Security Researches

WP 2FA – Two-factor authentication for WordPress, CVE-2025-12628

CVE, Research URL

CVE-2025-12628

Home page URL

Security reports for WP 2FA – Two-factor authentication for WordPress

Application

WP 2FA – Two-factor authentication for WordPress

Published on
Nov 24, 2025
Research Description
The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them
Affected versions
max 3.0.0.
Status
vulnerable
Previous vulnerability researches
USS Upyun (CVE-2025-9629) , Oct 11, 2025
New vulnerability
Survey Maker – Best WordPress Survey Plugin (CVE-2025-12892) , Dec 11, 2025
Survey Maker – Best WordPress Survey Plugin (CVE-2025-64276) , Dec 11, 2025
Survey Maker – Best WordPress Survey Plugin (CVE-2025-12891) , Dec 11, 2025
Telegram Bot & Channel (CVE-2025-13068) , Dec 11, 2025
Constant Contact + WooCommerce (CVE-2025-67580) , Dec 11, 2025