CVE-2025-12628

Summary

The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing them

Affected Software

VendorProductVersion RangeStatus
UnknownWP 2FA0 < 3.0.0affected

Weaknesses

  • CWE-331 Insufficient Entropyy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References