Pickplugins User Verification By Pickplugins vulnerabilities
2 known vulnerabilities affecting pickplugins/user_verification_by_pickplugins.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2026-7458P2CRITICALCVSS 9.8≤ 2.0.462026-05-02
CVE-2026-7458 [CRITICAL] CWE-288 CVE-2026-7458: The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in
The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as
nvd
CVE-2025-12374P2CRITICALCVSS 9.8≤ 2.0.442025-12-05
CVE-2025-12374 [CRITICAL] CWE-287 CVE-2025-12374: The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – U
The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login – User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.44. This is due to the plugin not properly validating that an OTP was generated before comparing it to user input in the "user_ver
nvd