{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/user-verification-by-pickplugins-plugin-for-wordpress--2.0.46/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-7458"}],"_cs_exploited":false,"_cs_products":["User Verification by PickPlugins plugin for WordPress \u003c= 2.0.46"],"_cs_severities":["critical"],"_cs_tags":["wordpress","authentication bypass","cve-2026-7458"],"_cs_type":"threat","_cs_vendors":["PickPlugins"],"content_html":"\u003cp\u003eThe User Verification by PickPlugins plugin, a popular WordPress plugin, contains a critical authentication bypass vulnerability (CVE-2026-7458) affecting all versions up to and including 2.0.46. The flaw resides within the \u003ccode\u003euser_verification_form_wrap_process_otpLogin\u003c/code\u003e function, where a loose PHP comparison operator is used to validate OTP codes. This weakness allows unauthenticated attackers to bypass the OTP verification process and log in as any user with a verified email address, potentially gaining administrative access. Successful exploitation requires the attacker to submit the string \u0026ldquo;true\u0026rdquo; as the OTP value. This vulnerability poses a significant risk to WordPress sites using the affected plugin, potentially leading to complete site compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a WordPress site using a vulnerable version of the User Verification by PickPlugins plugin (\u0026lt;= 2.0.46).\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the OTP login form provided by the plugin.\u003c/li\u003e\n\u003cli\u003eThe attacker enters the email address of a target user, such as an administrator.\u003c/li\u003e\n\u003cli\u003eThe attacker intercepts the OTP request and instead of a numerical code, submits the string \u0026ldquo;true\u0026rdquo; as the OTP value.\u003c/li\u003e\n\u003cli\u003eThe vulnerable \u003ccode\u003euser_verification_form_wrap_process_otpLogin\u003c/code\u003e function processes the submitted OTP. Due to the loose PHP comparison (e.g., \u003ccode\u003e==\u003c/code\u003e instead of \u003ccode\u003e===\u003c/code\u003e), the string \u0026ldquo;true\u0026rdquo; evaluates to \u003ccode\u003etrue\u003c/code\u003e, bypassing the intended OTP validation.\u003c/li\u003e\n\u003cli\u003eThe plugin incorrectly authenticates the attacker as the targeted user.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the targeted user\u0026rsquo;s account, potentially gaining administrative privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker can now perform actions such as modifying website content, installing malicious plugins, or exfiltrating sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7458 allows unauthenticated attackers to bypass the OTP verification mechanism and gain unauthorized access to any user account with a verified email address on a vulnerable WordPress site. This can lead to complete compromise of the affected WordPress site, enabling attackers to modify content, inject malicious code, steal sensitive data, or use the site for malicious purposes. Given the plugin\u0026rsquo;s popularity, this vulnerability could impact a large number of WordPress websites.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the User Verification by PickPlugins plugin to the latest version (greater than 2.0.46) to patch CVE-2026-7458.\u003c/li\u003e\n\u003cli\u003eMonitor WordPress access logs for unusual login attempts or the presence of \u0026ldquo;true\u0026rdquo; as OTP values to identify potential exploitation attempts. Deploy the \u003ccode\u003eDetect Successful Authentication Bypass via True OTP\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement stricter input validation and sanitization for OTP codes to prevent similar bypass vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-02T05:16:01Z","date_published":"2026-05-02T05:16:01Z","id":"/briefs/2026-05-wordpress-auth-bypass/","summary":"The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in versions up to 2.0.46 due to a loose PHP comparison, allowing unauthenticated attackers to log in as any verified user by submitting a 'true' OTP value.","title":"WordPress User Verification Plugin Authentication Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-wordpress-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — User Verification by PickPlugins Plugin for WordPress \u003c= 2.0.46","version":"https://jsonfeed.org/version/1.1"}