{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-7458","assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","state":"PUBLISHED","assignerShortName":"Wordfence","dateReserved":"2026-04-29T17:39:00.757Z","datePublished":"2026-05-02T04:27:43.795Z","dateUpdated":"2026-05-02T04:27:43.795Z"},"containers":{"cna":{"providerMetadata":{"orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence","dateUpdated":"2026-05-02T04:27:43.795Z"},"affected":[{"vendor":"pickplugins","product":"User Verification by PickPlugins","versions":[{"version":"0","status":"affected","lessThanOrEqual":"2.0.46","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the \"user_verification_form_wrap_process_otpLogin\" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting a \"true\" OTP value."}],"title":"User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint","references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/35b86488-8f68-4738-a9a8-76d0b7976165?source=cve"},{"url":"https://plugins.trac.wordpress.org/browser/user-verification/trunk/templates/email-otp-login-form/hook.php%23L164?rev=3461175"},{"url":"https://plugins.trac.wordpress.org/browser/user-verification/trunk/includes/functions-rest.php%23L234?rev=3461175"},{"url":"https://plugins.trac.wordpress.org/browser/user-verification/trunk/templates/email-otp-login-form/index.php%23L71?rev=3461175"},{"url":"https://plugins.trac.wordpress.org/changeset/3519113/user-verification"}],"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-288 Authentication Bypass Using an Alternate Path or Channel","cweId":"CWE-288","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL"}}],"credits":[{"lang":"en","type":"finder","value":"Supanat Konprom"}],"timeline":[{"time":"2026-04-30T03:17:42.000Z","lang":"en","value":"Vendor Notified"},{"time":"2026-05-01T15:46:35.000Z","lang":"en","value":"Disclosed"}]}}}