Close Menu
    Subscribe
    Alerts

    CVE-2026-8293 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor authentication REST endpoints, allowing an attacker who knows a user’s password to obtain a WordPress authentication session for that user without completing the email OTP challenge.

    PUBLISHED Reserved 2026-05-11 | Published 2026-06-02 | Updated 2026-06-02 | Assigner WPScan

    Problem types

    CWE-287 Improper Authentication

    Product status

    Default status
    unaffected

    Any version before 9.5.10.1
    affected

    Credits

    John Umoru finder

    WPScan coordinator

    References

    wpscan.com/…rability/1de69ef9-6226-4292-8e36-b331a37f043e/ exploit vdb-entry technical-description

    cve.org (CVE-2026-8293)

    nvd.nist.gov (CVE-2026-8293)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.