VYPR

Magic Login Mail or QR Code

by WordPress

CVEs (1)

  • CVE-2026-2144HigFeb 14, 2026
    risk 0.46cvss 8.1epss 0.00

    The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename (QR_Code.png) in the publicly accessible…