WordPress plugin Google Authenticator cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Google Authenticator plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress prior to Google Authenticator...

WordPress Google Authenticator plugin跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. versions of the WordPress Google Authenticator plugin prior to 1.0.5 are vulnerable to cross-site...

CVE-2022-0875

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

CVE-2022-0875

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

Cross site scripting

The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

Cross site scripting

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

CVE-2022-1321

The CVE-2022-1321 entry concerns miniOrange’s Google Authenticator WordPress plugin, versions before 5.5.6. The vulnerability is a stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of certain settings, enabling an administrator to inject JavaScript that executes ...

CVE-2022-0875

The CVE-2022-0875 entry concerns the miniOrange Google Authenticator WordPress plugin before version 1.0.5. The vulnerability arises because the plugin does not perform CSRF checks when saving settings and fails to sanitise/escape input, enabling a logged-in administrator to modify settings and t...

WordPress plugin Google Authenticator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. versions of the WordPress Google Authenticator plugin prior to 1.0.5 are vulnerable to cross-site...

WordPress plugin Google Authenticator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=mo2fatwofa&a"alert/XSS/...

WordPress plugin Google Authenticator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress prior to Google Authenticator...

WordPress miniOrange's Google Authenticator plugin <= 5.5.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress miniOrange's Google Authenticator plugin versions = 5.5.7. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at least 5.5.75...

miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=mo2fatwofa"...

MAL-2022-6791 Malicious code in universal-authenticator-library-js-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 634c9abec0578ad529a15e3faab7ef695e47e5a1b95299329e27a8ca7e00e22f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Put the following payload in the Account Name settings and click on the 'Change App name' button: " autofocus...

miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example in multisite setup Enable 2FA + Website Security and put...