The WP 2FA WordPress plugin does not generate backup codes with enough entropy, which could allow attackers to bypass the second factor by brute forcing themCreditsBenjamin NadarevićWPScanReferenceshttps://wpscan.com/vulnerability/5e2d033c-dde6-4774-8588-cbe268c0d797/
