Pickplugins User Verification
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Pickplugins User Verification.
By the Year
In 2026 there have been 2 vulnerabilities in Pickplugins User Verification with an average score of 7.6 out of ten. User Verification did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 7.55 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
It may take a day or so for new User Verification vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Pickplugins User Verification Security Vulnerabilities
WordPress PickPlugins User Verification 2.0.46 Auth Bypass via Loose PHP compare
CVE-2026-7458
9.8 - Critical
- May 02, 2026
The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "user_verification_form_wrap_process_otpLogin" function. This makes it possible for unauthenticated attackers to log in as any user with a verified email address, such as an administrator, by submitting a "true" OTP value.
Authentication Bypass Using an Alternate Path or Channel
PickPlugins User Verification <=2.0.45 Weak Authentication (Auth Abuse)
CVE-2026-32497
5.3 - Medium
- March 25, 2026
Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through <= 2.0.45.
1390
User Verification WP Plugin <1.0.94 Auth Bypass via Public Username
CVE-2022-4693
9.8 - Critical
- January 23, 2023
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the users username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.
Insufficiently Protected Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Pickplugins User Verification or by Pickplugins? Click the Watch button to subscribe.
