WP 2FA – Two-factor authentication for WordPress

Vulnerabilities 12Slug wp-2faLatest version 3.1.1.2WordPress.org →

Minimum safe version

3.0.0

Update to 3.0.0 or later to address 12 fixable vulnerabilities

Latest available3.1.1.2 ✓

Medium 6.3

2025-11-24< 3.0.0

CVE-2025-12628

CVE Wordfence

Medium 5.3

2024-06-21< 2.6.4

CVE-2022-44587

CVE Patchstack Wordfence

High 7.1

2024-04-18< 2.6.3

CVE-2024-32568

CVE Patchstack Wordfence

Medium 4.3

2024-01-11< 2.6.0

CVE-2023-6520

CVE Patchstack Wordfence WPScan

Medium 4.3

2024-01-11< 2.6.0

CVE-2023-6506

CVE Patchstack Wordfence WPScan

N/A

< 2.2.0

WP 2FA < 2.2.0 - Arbitrary 2FA Disabling via IDOR

WPScan

N/A

2022-04-13< 2.2.0

WP 2FA – Two-factor authentication for WordPress <= 2.1.0 - Insecure Direct Object Reference

Wordfence

Medium 5.3

2024-03-21< 2.2.1

CVE-2022-44595

CVE Wordfence

N/A

< 2.2.1

WordPress WP 2FA Plugin <= 2.2.0 is vulnerable to Broken Authentication

Patchstack

Medium 5.9

2023-09-14< 2.3.0

WordPress WP 2FA Plugin <= 2.2.1 is vulnerable to Sensitive Data Exposure

Patchstack CVE Wordfence WPScan

Medium 6.1

2023-05-06< 2.2.1

WordPress WP 2FA Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)

Patchstack CVE Wordfence WPScan

N/A

2022-04-29< 2.2.0

WordPress WP 2FA plugin <= 2.1.0 - Arbitrary 2FA Disabling via Insecure Direct Object References (IDOR) vulnerability

Patchstack