MEDIUM
youtag
CVE published 2026-05-27
CVE-2026-8903
A Cross-Site Request Forgery (CSRF) vulnerability in the Two-factor authentication (formerly IP Vault) WordPress plugin allows unauthenticated attackers to modify critical security settings. The flaw exists in the ipv_save_changes function due to missing or incorrect nonce validation across all versions up to and including 2.1. Successful exploitation requires social engineering a site administrator into [truncated]