Security vulnerabilities in WP 2FA (4)