Support » Plugin: Two-Factor » Not secure

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Kaspars

    (@kasparsd)

    @hongamtan Could you please elaborate on this? Did you enable one of the two factor methods in the user profile? What are the steps to reproduce the issue?

    Hello, I’m using the WordPress app on Android, and after I enable the plugin I am still able to use the app to create posts. Note that if I’m an admin, I can have unfiltered HTML, so here is the flow for an attacker:
    -> Log in to the Android app -> create a post with embedded JS code to turn off two-factor -> then wait for the admin to visit the post -> then two-factor can be turned off without entering the code from step 2.
