18 matches found
CVE-2026-8787
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...
CVE-2026-8787 Firebase Support & Chat Management <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...
CVE-2026-8787 Firebase Support & Chat Management <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the firebaseauth function authenticating the request as the WordPress user whose email is supplied in the useremail POST parameter without...
PT-2026-43507
Name of the Vulnerable Software and Affected Versions Firebase Support & Chat Management plugin for WordPress versions prior to 3.1.2 Description An issue allows authenticated attackers with Subscriber-level access or higher to escalate privileges and achieve full account takeover. The firebase...
Malicious code in firebase-mini-css-extract-plugin-buffer-kinetic (npm)
Source: amazon-inspector (c2507e2bca64e33f699252a47bc05ebba3fc5ea3681ca06aa4a5a418b1e064fe). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2025-7665
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handlemofirebaseformoptions' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...
CVE-2025-7665
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handlemofirebaseformoptions' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...
CVE-2025-7665 Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handlemofirebaseformoptions' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...
PT-2025-38531
Name of the Vulnerable Software and Affected Versions Miniorange OTP Verification with Firebase plugin for WordPress versions 3.1.0 through 3.6.2 Description The Miniorange OTP Verification with Firebase plugin for WordPress is susceptible to privilege escalation. A missing capability check on th...
CVE-2024-11785
The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebaseshow' shortcode in all versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-9862
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...
CVE-2024-11785 Integrate Firebase <= 0.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebaseshow' shortcode in all versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-9862
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...
CVE-2024-9862
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...
CVE-2024-9862
The CVE-2024-9862 entry concerns the Miniorange OTP Verification with Firebase plugin for WordPress. Affects versions up to and including 3.6.0 where user-controlled access to objects and a missing current-password check enable unauthenticated password changes, potentially allowing administrator ...
CVE-2024-9862 Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...
WordPress plugin Miniorange OTP Verification with Firebase security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Miniorange OTP Verification with Firebase plugin <= 3.6.0 - Unauthenticated Arbitrary User Password Change vulnerability
Unauthenticated Arbitrary User Password Change vulnerability discovered by István Márton in WordPress Plugin Miniorange OTP Verification with Firebase versions <= 3.6.0...