Known Vulnerabilities for WP 2FA Two-factor Authentication For WordPress by Melapress
Listed below are 5 of the newest known vulnerabilities associated with "WP 2FA Two-factor Authentication For WordPress" by "Melapress".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-8903 json | The Two-factor authentication (formerly IP Vault) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ver... | Not Provided | 2026-05-27 | 2026-05-27 |
| CVE-2026-8293 json | The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-f... | Not Provided | 2026-06-02 | 2026-06-02 |
| CVE-2023-6520 json | The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in al... | Not Provided | 2024-01-11 | 2026-04-08 |
| CVE-2023-6506 json | The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference... | Not Provided | 2024-01-11 | 2026-04-08 |
| CVE-2022-44589 json | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – ... | Not Provided | 2023-12-29 | 2026-04-28 |