2 matches found
CVE-2022-0875
The CVE-2022-0875 entry concerns the miniOrange Google Authenticator WordPress plugin before version 1.0.5. The vulnerability arises because the plugin does not perform CSRF checks when saving settings and fails to sanitise/escape input, enabling a logged-in administrator to modify settings and t...
CVE-2022-0875 miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...