Back to overview

CVE-2026-12492

Description
The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier, allowing unauthenticated attackers to log in as any existing user, including administrators, as well as to create new accounts.

Metadata

CVE ID
CVE-2026-12492
State
PUBLISHED
Assigner
WPScan
Reserved
2026-06-17 08:25 UTC
Published
2026-07-16 06:00 UTC
Last updated
2026-07-16 06:00 UTC
Vendor / Product
Unknown / Happy Coders OTP Login for WooCommerce
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Unknown Happy Coders OTP Login for WooCommerce 1.5 < 2.8
Weakness (CWE)
CWESourceDescription
cna CWE-287 Improper Authentication
Back to overview