152 matches found
CVE-2022-42461 WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...
CVE-2022-42461
CVE-2022-42461 concerns a Broken Access Control issue in miniOrange’s Google Authenticator plugin for WordPress, affected versions ≤ 5.6.1. The vulnerability is described across multiple sources as an access-control flaw in the plugin’s settings/authorization flow, with no publicly documented exp...
WordPress plugin Google Authenticator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
miniOrange's Google Authenticator < 5.6.2 - Subscriber+ Settings Update
The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...
WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to Plugin Settings Change discovered by Lana Codes Patchstack Alliance in WordPress miniOrange's Google Authenticator plugin versions = 5.6.1. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at leas...
2FA Bypass in Cockpit Content Platform ≤ v2.2.1
Description 2FA secret is disclosed in JWT token after user logs into his account in Cockpit Content Platform ≤ v2.2.1 allowing attacker to bypass the 2FA code. Proof of Concept 1.Login with your admin account and enable 2FA in your account and logout. 2.Go to...
WordPress Plugin Google Authenticator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin Google Authenticator cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Google Authenticator plugin跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. versions of the WordPress Google Authenticator plugin prior to 1.0.5 are vulnerable to cross-site...
WordPress Google Authenticator plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress prior to Google Authenticator...
CVE-2022-0875
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...
CVE-2022-1321
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...
CVE-2022-1321
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...
CVE-2022-0875
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...
Cross site scripting
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...
Cross site scripting
The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
CVE-2022-1321
The CVE-2022-1321 entry concerns miniOrange’s Google Authenticator WordPress plugin, versions before 5.5.6. The vulnerability is a stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of certain settings, enabling an administrator to inject JavaScript that executes ...
CVE-2022-0875
The CVE-2022-0875 entry concerns the miniOrange Google Authenticator WordPress plugin before version 1.0.5. The vulnerability arises because the plugin does not perform CSRF checks when saving settings and fails to sanitise/escape input, enabling a logged-in administrator to modify settings and t...
miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=mo2fatwofa"...
WordPress plugin Google Authenticator 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. versions of the WordPress Google Authenticator plugin prior to 1.0.5 are vulnerable to cross-site...