Review
Happy Coders
CVE published 2026-07-16
CVE-2026-12492
The Happy Coders OTP Login for WooCommerce WordPress plugin before 2.8 has a critical vulnerability that allows unauthenticated attackers to log in as any existing user, including administrators, and create new accounts. This is because the plugin does not verify that a one-time password was actually validated before authenticating a user based on a supplied identifier. The vulnerability has a high impact [truncated]