CVE-2026-12492
Description
The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allowing unauthenticated attackers to log in as any existing user, including administrators, as well as to create new accounts.
Metadata
Severity & Metrics
No CVSS data available.
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Unknown | Happy Coders OTP Login for WooCommerce | — | 1.5 < 2.8 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| — | cna | CWE-287 Improper Authentication |