Lucene search
+L

152 matches found

Cvelist
Cvelist
added 2022/11/18 7:6 p.m.35 views

CVE-2022-42461 WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin = 5.6.1 on WordPress...

5.4CVSS8.8AI score0.00636EPSS
Exploits0References1
CVE
CVE
added 2022/11/18 7:6 p.m.71 views

CVE-2022-42461

CVE-2022-42461 concerns a Broken Access Control issue in miniOrange’s Google Authenticator plugin for WordPress, affected versions ≤ 5.6.1. The vulnerability is described across multiple sources as an access-control flaw in the plugin’s settings/authorization flow, with no publicly documented exp...

8.8CVSS6.9AI score0.00636EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.18 views

WordPress plugin Google Authenticator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...

8.8CVSS6.6AI score0.00636EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2022/10/31 12:0 a.m.25 views

miniOrange's Google Authenticator < 5.6.2 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

8.8CVSS4.5AI score0.00636EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2022/10/31 12:0 a.m.22 views

WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability

Broken Access Control vulnerability leading to Plugin Settings Change discovered by Lana Codes Patchstack Alliance in WordPress miniOrange's Google Authenticator plugin versions = 5.6.1. Solution Update the WordPress miniOrange's Google Authenticator plugin to the latest available version at leas...

8.8CVSS3.8AI score0.00636EPSS
Exploits0Affected Software1
Huntr
Huntr
added 2022/08/11 12:2 p.m.36 views

2FA Bypass in Cockpit Content Platform ≤ v2.2.1

Description 2FA secret is disclosed in JWT token after user logs into his account in Cockpit Content Platform ≤ v2.2.1 allowing attacker to bypass the 2FA code. Proof of Concept 1.Login with your admin account and enable 2FA in your account and logout. 2.Go to...

6.5CVSS9.3AI score0.01278EPSS
Exploits1
CNNVD
CNNVD
added 2022/08/06 12:0 a.m.21 views

WordPress Plugin Google Authenticator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.5CVSS6.8AI score0.00543EPSS
Exploits0References3
CNVD
CNVD
added 2022/07/06 12:0 a.m.20 views

WordPress plugin Google Authenticator cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS4.9AI score0.00565EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.20 views

WordPress Google Authenticator plugin跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. versions of the WordPress Google Authenticator plugin prior to 1.0.5 are vulnerable to cross-site...

4.3CVSS1.8AI score0.00412EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/30 12:0 a.m.27 views

WordPress Google Authenticator plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress prior to Google Authenticator...

4.8CVSS1.9AI score0.00566EPSS
Exploits2References1
OSV
OSV
added 2022/06/27 9:15 a.m.5 views

CVE-2022-0875

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...

4.3CVSS5.8AI score0.00412EPSS
Exploits2References1
OSV
OSV
added 2022/06/27 9:15 a.m.4 views

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

4.8CVSS5.8AI score0.00566EPSS
Exploits2References1
NVD
NVD
added 2022/06/27 9:15 a.m.27 views

CVE-2022-1321

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

4.8CVSS0.00566EPSS
Exploits2References1
NVD
NVD
added 2022/06/27 9:15 a.m.24 views

CVE-2022-0875

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...

4.3CVSS0.00412EPSS
Exploits2References1
Prion
Prion
added 2022/06/27 9:15 a.m.21 views

Cross site scripting

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...

3.5CVSS4.9AI score0.00566EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2022/06/27 9:15 a.m.20 views

Cross site scripting

The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

3.5CVSS4.8AI score0.00565EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/06/27 8:56 a.m.80 views

CVE-2022-1321

The CVE-2022-1321 entry concerns miniOrange’s Google Authenticator WordPress plugin, versions before 5.5.6. The vulnerability is a stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of certain settings, enabling an administrator to inject JavaScript that executes ...

4.8CVSS4.8AI score0.00566EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/06/27 8:55 a.m.56 views

CVE-2022-0875

The CVE-2022-0875 entry concerns the miniOrange Google Authenticator WordPress plugin before version 1.0.5. The vulnerability arises because the plugin does not perform CSRF checks when saving settings and fails to sanitise/escape input, enabling a logged-in administrator to modify settings and t...

4.3CVSS4.4AI score0.00412EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/27 12:0 a.m.20 views

miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/admin.php?page=mo2fatwofa"...

0.3AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.4 views

WordPress plugin Google Authenticator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. versions of the WordPress Google Authenticator plugin prior to 1.0.5 are vulnerable to cross-site...

4.3CVSS5.2AI score0.00412EPSS
Exploits2References2
Rows per page
Query Builder