This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: A critical authentication bypass in the WordPress plugin 'User Verification by PickPlugins'. **Consequences**: Attackers can log in as any user (e.g., Admin) without the real OTP code. …
**Root Cause**: Weak PHP comparison operator (`==` instead of `===`). **CWE**: CWE-288 (Authentication Bypass). The code treats the string "true" as equal to the boolean true, bypassing OTP validation.
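The root cause above is a PHP type-juggling comparison. The following is an added illustration, not the plugin's own code: a hypothetical `otp_is_valid_loose()` reproduces the class of bug (a user-supplied value compared with `==` against a boolean verification flag), and `otp_is_valid_strict()` shows the hardened form, which compares the submitted code to the stored code as strings in constant time. The function names, the `$expectedCode` sample OTP and the input list are all constructed for this example; the loop goes beyond the single `"true"` case in the text to show that any non-empty string other than `"0"` satisfies the loose check.

```php
<?php
// Added illustration (not the plugin's code): why a loose == comparison
// against a boolean lets arbitrary strings such as "true" pass an OTP check.
// Function names, $expectedCode and $inputs are constructed for this example.

// Vulnerable pattern: a helper produced a boolean "verified" flag and the code
// compares the request value to it with == (type juggling). PHP converts the
// string to bool first, so "true", "false", "abc" and "482913" all equal true.
function otp_is_valid_loose(bool $verifiedFlag, $submitted): bool {
    return $submitted == $verifiedFlag;
}

// Hardened pattern: never compare user input to a boolean; compare the
// submitted code to the stored code as strings, in constant time.
function otp_is_valid_strict(string $expectedCode, $submitted): bool {
    if (!is_string($submitted)) {
        return false; // arrays, booleans or ints from a tampered request are rejected
    }
    return hash_equals($expectedCode, $submitted);
}

$expectedCode = '482913';                                 // constructed sample OTP
$inputs = ['482913', 'true', 'false', 'abc', '0', ''];    // constructed probe values

foreach ($inputs as $in) {
    printf("%-10s loose=%-5s strict=%s\n",
        var_export($in, true),
        var_export(otp_is_valid_loose(true, $in), true),
        var_export(otp_is_valid_strict($expectedCode, $in), true));
}
```

Running it shows the loose check accepting every non-empty string except `"0"` (a consequence of PHP's string-to-bool conversion rules, which are the same on PHP 7 and 8), while the strict check accepts only the real code. The `is_string()` guard matters because `hash_equals()` requires two strings and will throw on PHP 8 if handed an array or boolean from a manipulated request body.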
Q3 Who is affected? (Versions/Components)
**Affected**: WordPress Plugin: **User Verification by PickPlugins**. **Versions**: All versions **≤ 2.0.46**.
Q4 What can hackers do? (Privileges/Data)
**Privileges**: Complete authentication bypass. **Data**: Access to any account with a verified email. Admins are prime targets. No OTP required.
Q5 Is the exploitation threshold high? (Auth/Config)
**Threshold**: **LOW**. **Auth**: None required (PR:N). **Network**: Remote (AV:N). **UI**: None needed (UI:N). Just send a POST request.
Q6 Is there a public exploit? (PoC/Wild Exploitation)
**Exploit**: No public PoC code in the available data, but the flaw is trivial. **Risk**: High likelihood of in-the-wild exploitation due to its simplicity. Submitting the string "true" as the OTP is a known bypass pattern.
Q7 How to self-check? (Features/Scanning)
**Check**: Scan for plugin version **≤ 2.0.46**. **Test**: Try logging in with the OTP value set to the string "true" for any verified user.
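One way to automate the version check, as an added example that is neither the plugin's nor WordPress core's code: read the `Version:` line from the plugin's main-file header and compare it with `version_compare()` against the last affected release, 2.0.46. The plugin folder and main file name are not given on this page, so the path below is a labelled placeholder, and a constructed header string stands in when the file is not readable; `plugin_header_version()`, `is_affected_version()` and `LAST_VULNERABLE` are names chosen for this example.

```php
<?php
// Added self-check illustration (not the plugin's or WordPress's own code):
// read "Version:" from a plugin's main file header and compare it with the
// last vulnerable release named in this analysis (2.0.46).

const LAST_VULNERABLE = '2.0.46';

// Extract the version from a WordPress plugin header block. The pattern
// mirrors the comment-prefixed "Version:" line that WordPress parses;
// returns null when no such line exists.
function plugin_header_version(string $fileContents): ?string {
    if (preg_match('/^[ \t\/*#@]*Version:\s*([^\r\n]+)/mi', $fileContents, $m)) {
        return trim($m[1]);
    }
    return null;
}

// True when the installed version is still inside the affected range.
function is_affected_version(?string $version): bool {
    if ($version === null) {
        return true; // unknown version: treat as affected until confirmed
    }
    return version_compare($version, LAST_VULNERABLE, '<=');
}

// Constructed sample header, standing in for the real plugin file contents.
$sample = <<<'TXT'
<?php
/*
 * Plugin Name: User Verification
 * Version: 2.0.46
 */
TXT;

// PLACEHOLDER path: the real location is wp-content/plugins/<folder>/<main-file>.php
$path = '/var/www/html/wp-content/plugins/PLUGIN-FOLDER/PLUGIN-MAIN-FILE.php';
$contents = is_readable($path) ? file_get_contents($path) : $sample;

$version = plugin_header_version($contents);
printf("Installed version: %s -> %s\n",
    $version ?? 'unknown',
    is_affected_version($version) ? 'AFFECTED, update the plugin' : 'patched');
```

Point `$path` at the plugin's main file on the site being checked; the constructed header is only used when that file cannot be read, so the script still runs offline. Treating an unreadable or missing version as affected errs on the side of flagging the host for manual review rather than silently reporting it as patched.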
Q8 Is it fixed officially? (Patch/Mitigation)
**Fixed**: Yes. Update to a version **> 2.0.46**. **Patch**: Reference changeset **3519113** fixes the comparison logic.
Q9 What if there is no patch? (Workaround)
**Workaround**: If unpatched, disable the plugin temporarily. **Mitigation**: Restrict login attempts via a WAF, or disable the email-OTP login feature if it is not essential.