[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fkZEI2A7_kJJgt5LzaaTpSfAfkG7xKZ6lufoNeXU-En0":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2025-12628","wp-2fa-two-factor-authentication-for-wordpress-2-factor-authentication-bypass","WP 2FA – Two-factor authentication for WordPress \u003C= 2.9.3 - 2-Factor Authentication Bypass","The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to 2FA bypass in all versions up to, and including, 2.9.3. This makes it possible for unauthenticated attackers to bypass 2FA protection. Please note Wordfence does not consider this a security vulnerability and previously rejected assigning a CVE ID to this issue. This is being included for informational purposes.","wp-2fa",null,"\u003C=2.9.3","3.0.0","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Protection Mechanism Failure","2025-11-03 00:00:00","2025-12-01 17:29:34",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F50d7edfe-3b87-428b-b774-f414a684c8e9?source=api-prod",29]