HackerFeeds
All CVEs

CVE-2026-12492

CRITICAL9.8

Published 2026-07-16 · Updated 2026-07-16 · Source contact@wpscan.com

Description

The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allowing unauthenticated attackers to log in as any existing user, including administrators, as well as to create new accounts.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287
View on NVD