CVE-2022-0875

🗓️ 27 Jun 2022 08:55:54Reported by WPScanType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 44 Views🌐 WEB

Google Authenticator plugin pre 1.0.5 allows XSS attac

Reporter	Title	Published	Views	Family All 9
CNNVD	WordPress plugin Google Authenticator 跨站请求伪造漏洞	27 Jun 202200:00	–	cnnvd
CNVD	WordPress Google Authenticator plugin跨站请求伪造漏洞	30 Jun 202200:00	–	cnvd
Cvelist	CVE-2022-0875 miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting	27 Jun 202208:55	–	cvelist
EUVD	EUVD-2022-15913	3 Oct 202520:07	–	euvd
NVD	CVE-2022-0875	27 Jun 202209:15	–	nvd
Prion	Cross site scripting	27 Jun 202209:15	–	prion
RedhatCVE	CVE-2022-0875	9 Jan 202610:44	–	redhatcve
wpexploit	miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting	6 Jun 202200:00	–	wpexploit
WPVulnDB	miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting	6 Jun 202200:00	–	wpvulndb

NVD

Vulners

Node

miniorange google_authenticatorRange<1.0.5wordpress

[
  {
    "product": "Google Authenticator",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.0.5",
        "status": "affected",
        "version": "1.0.5",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/fefc1411-594d-465b-aeb9-78c141b23762

Parameter	Position	Path	Description	CWE
option	request body	wp-admin/admin.php?page=mo_view_page	Missing CSRF protection and improper input sanitisation/escaping in settings save allowing XSS via admin POST to the settings page.	CWE-352
mo2f_gauth_issuer	request body	wp-admin/admin.php?page=mo_view_page	Missing CSRF protection and improper input sanitisation/escaping in settings save allowing XSS via admin POST to the settings page.	CWE-352

21 Nov 2024 06:39Current

4.4Medium risk

Vulners AI Score4.4

CVSS 3.14.3

CVSS 24.3

EPSS0.00103

CWE-352