All CVEs View on NVD
CVE-2026-12492
CRITICAL9.8
Published 2026-07-16 · Updated 2026-07-16 · Source contact@wpscan.com
Description
The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allowing unauthenticated attackers to log in as any existing user, including administrators, as well as to create new accounts.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-287

