WordPress Plugin Duo Two-Factor Authentication is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and gain unauthorized access to the affected application. The vulnerability exists only in multi-site deployments scenario with the plugin disabled globally and enabled on a site-by-site basis. WordPress Plugin Duo Two-Factor Authentication version 1.8.1 is vulnerable; prior versions are also affected.
Update to plugin version 2.0 or latest