CVE-2026-12492 in OTP Login for WooCommerce Plugin
Zusammenfassung
von MITRE • 16.07.2026
The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allowing unauthenticated attackers to log in as any existing user, including administrators, as well as to create new accounts.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.