A vulnerability labeled as problematic has been found in WP 2FA Plugin 2.2.1/2.3.0/3.0.0 on WordPress. Impacted is an unknown function of the component 2FA Setup. Executing a manipulation of the argument email address can lead to missing authorization.
This vulnerability is tracked as CVE-2026-12988. The attack can be launched remotely. No exploit exists.