WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress miniOrange’s Google Authenticator plugin version 5.5 or earlier is vulnerable to a cross-site request forgery vulnerability that stems from the plugin failing to properly authorize and check for cross-site request forgery when handling reconfigureMethod and failing to properly validate the parameters passed to it. An unauthenticated attacker could use this vulnerability to remove arbitrary options from the blog and make it unusable.