Skip to main content

Webauthn Provider For Two Factor EUVDEUVD-2026-40920

| CVE-2026-11883 HIGH
2026-07-01 WPScan GHSA-758r-7wwh-v6r7
7.2
CVSS 3.1 · Vendor: WPScan
Share

Severity by source

Vendor (WPScan) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (WPScan) · only source for this CVE.

CVSS VectorVendor: WPScan

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 01, 2026 - 11:24 vuln.today
CVSS changed
Jul 01, 2026 - 11:22 NVD
7.2 (HIGH)
Patch available
Jul 01, 2026 - 08:01 EUVD
CVE Published
Jul 01, 2026 - 06:00 cve.org
UNKNOWN (no severity yet)
CVE Published
Jul 01, 2026 - 06:00 cve.org
HIGH 7.2

DescriptionCVE.org

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request.

AnalysisAI

Two-factor authentication bypass in the WebAuthn Provider for Two Factor WordPress plugin (all versions before 2.5.6) lets an attacker who already possesses a valid user's password defeat the WebAuthn second factor by submitting a malformed authentication response that the plugin fails to validate. This neutralizes the plugin's core protection, effectively reducing account security back to single-factor (password-only). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Identify all WordPress installations using the WebAuthn Provider for Two Factor plugin and document current version numbers on each instance. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40920 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy