China National Vulnerability Database (CNVD): CNVD-2022-83618
Mar 23, 2022 - 12:00 a.m.

WordPress miniOrange's Google Authenticator plugin cross-site request forgery vulnerability

2022-03-23 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
wordpress
miniorange
google authenticator
cross-site request forgery
vulnerability
php
plugin
version 5.5
authorization
parameter validation
unauthenticated attacker
blog usability
security issue
vulnerability disclosure

EPSS

0.001

Percentile

40.0%

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an add-on application for WordPress. WordPress miniOrange’s Google Authenticator plugin version 5.5 or earlier is vulnerable to cross-site request forgery: when handling reconfigureMethod, the plugin fails to properly authorize the request and check for cross-site request forgery, and fails to properly validate the parameters passed to it. An unauthenticated attacker could use this vulnerability to remove arbitrary options from the blog and make it unusable.