Authentication bypass in User Verification by PickPlugins for WordPress allows remote unauthenticated attackers to log in as any user with a verified email - including administrators - by submitting the string 'true' as the OTP code. The vulnerability stems from a loose PHP comparison operator (==) in the OTP validation logic, which treats the boolean true as equal to any non-zero numeric OTP value. With CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and EPSS data unavailable, this represents complete system compromise risk for WordPress sites running vulnerable versions (≤2.0.46). Fixed in version 2.0.47 per Wordfence advisory and WordPress plugin repository changeset 3519113.
Unrestricted file upload in User Registration Advanced Fields plugin for WordPress (≤1.6.20) allows remote unauthenticated attackers to upload executable files and achieve code execution on the web server when Profile Picture fields are enabled in registration forms. Wordfence has documented this critical vulnerability affecting all versions through 1.6.20, with exploitation possible against any site using the Profile Picture form field feature without authentication or user interaction required.