|All In One WP Security & Firewall
|Fully patched version
|Upgrade to version 5.1.9 or higher and explicitly enable 2FA secret encryption in the plugin settings.
This vulnerability is the exact same one as in the Two-Factor-Authentication plugin by Updraft. All in One WP Security & Firewall contains a copy of the plugin.