{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12374", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-27T21:22:35.296Z", "datePublished": "2025-12-05T06:07:19.086Z", "dateUpdated": "2026-04-08T17:06:06.262Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:06:06.262Z"}, "affected": [{"vendor": "pickplugins", "product": "User Verification by PickPlugins", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0.44", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login \u2013 User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.44. This is due to the plugin not properly validating that an OTP was generated before comparing it to user input in the \"user_verification_form_wrap_process_otpLogin\" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting an empty OTP value."}], "title": "Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login \u2013 User Verification <= 2.0.44 - Authentication Bypass to Account Takeover", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ccb1304-326e-43af-b75d-23874f92ba8b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/user-verification/trunk/templates/email-otp-login-form/hook.php#L141"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3442150%40user-verification&new=3442150%40user-verification&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-287 Improper Authentication", "cweId": "CWE-287", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "lucky_buddy"}], "timeline": [{"time": "2025-10-15T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-12-04T17:39:15.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-05T13:41:53.467539Z", "id": "CVE-2025-12374", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T13:42:15.161Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12374", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-05T13:41:53.467539Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T13:42:09.734Z"}}], "cna": {"title": "Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login \u2013 User Verification <= 2.0.39 - Authentication Bypass to Account Takeover", "credits": [{"lang": "en", "type": "finder", "value": "lucky_buddy"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "pickplugins", "product": "User Verification by PickPlugins", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.0.39"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-15T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2025-12-04T17:39:15.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ccb1304-326e-43af-b75d-23874f92ba8b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/user-verification/trunk/templates/email-otp-login-form/hook.php#L141"}], "descriptions": [{"lang": "en", "value": "The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login \u2013 User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.39. This is due to the plugin not properly validating that an OTP was generated before comparing it to user input in the \"user_verification_form_wrap_process_otpLogin\" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting an empty OTP value."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-05T06:07:19.086Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12374", "state": "PUBLISHED", "dateUpdated": "2025-12-05T13:42:15.161Z", "dateReserved": "2025-10-27T21:22:35.296Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-05T06:07:19.086Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Email Verification, Email OTP, Block Spam Email, Passwordless login, Hide Login, Magic Login \u2013 User Verification plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.44. This is due to the plugin not properly validating that an OTP was generated before comparing it to user input in the \"user_verification_form_wrap_process_otpLogin\" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting an empty OTP value."}], "id": "CVE-2025-12374", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-05T07:16:11.117", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/user-verification/trunk/templates/email-otp-login-form/hook.php#L141"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3442150%40user-verification&new=3442150%40user-verification&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ccb1304-326e-43af-b75d-23874f92ba8b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T12:17:00.772581+00:00", "value": {"mitigation_remediation": ["Upgrade the User Verification plugin to the latest version that implements proper OTP validation.", "If an update is not yet available, temporarily disable the OTP login feature or deactivate the plugin until a patch is released.", "Monitor authentication logs for suspicious activity and enforce stricter account recovery procedures to detect any compromised accounts early."], "summary": {"action": "Immediate Patch", "impact": "Account takeover via authentication bypass"}, "threat_synthesis": {"affected_systems": "Any WordPress installation that uses the PickPlugins User Verification plugin version 2.0.44 or earlier is affected. The vulnerability exists in the user_verification_form_wrap_process_otpLogin function, and any site that enables OTP, magic login, or passwordless login features via this plugin is at risk.", "description_and_impact": "The User Verification plugin for WordPress is vulnerable to an authentication bypass that allows attackers to log in as any user with a verified email address, including administrators, by submitting an empty one\u2011time password. This flaw arises because the plugin does not verify that an OTP has actually been generated before comparing it to the input. As a result, the system accepts the empty value and grants access, effectively compromising the confidentiality and integrity of affected accounts.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a critical severity, while the EPSS score of less than 1% suggests a low current exploitation probability. The vulnerability is not listed in CISA's KEV catalog, but its high severity means that once exploited it would allow full account takeover. The likely attack vector is a web\u2011based form submission with an empty OTP field, requiring no special privileges or sophisticated techniques beyond standard HTTP requests."}}}}, "created": "2025-12-05T20:56:26.119336+00:00", "updated": "2026-04-22T12:30:16.827310+00:00", "vendors": ["pickplugins", "pickplugins$PRODUCT$user_verification", "wordpress", "wordpress$PRODUCT$wordpress"]}