VYPR

Login with OTP

by WordPress

Source repositories

CVEs (2)

  • CVE-2026-8760CriMay 27, 2026
    risk 0.57cvss 9.8epss 0.01

    The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to `otpl_login_action()` was placed only inside the OTP-generation…

  • CVE-2024-11178HigDec 6, 2024
    risk 0.46cvss 8.1epss 0.01

    The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and…