19 matches found
CVE-2026-42731
CVE-2026-42731 affects the WordPress plugin miniorange OTP verification (miniorange-otp-verification) up to and including version 5.4.9. Root cause: Incorrect Privilege Assignment leading to Privilege Escalation . Affected component: the plugin’s privilege handling; impact is described as high (c...
PT-2026-43643
Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...
WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Peng Zhou in WordPress Plugin miniorange otp verification versions = 5.4.9...
WordPress plugin miniOrange OTP Verification and SMS Notification for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
EUVD-2024-50168
Malicious code in bioql PyPI...
CVE-2025-7665
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handlemofirebaseformoptions' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...
CVE-2024-9861
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated...
CVE-2023-47776 WordPress miniorange otp verification plugin <= 4.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniorange otp verification: from n/a through = 4.2.1...
PT-2024-13489 · Miniorange · Miniorange Otp Verification
Name of the Vulnerable Software and Affected Versions: miniorange otp verification versions n/a through 4.2.1 Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation due to incorrectly configured access control security levels. Recommendations: For...
CVE-2024-9861
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated...
CVE-2024-9863 Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'defaultuserrole' option. This makes it possible for unauthenticated attackers to register an administrator user even if the...
CVE-2024-9862
The CVE-2024-9862 entry concerns the Miniorange OTP Verification with Firebase plugin for WordPress. Affects versions up to and including 3.6.0 where user-controlled access to objects and a missing current-password check enable unauthenticated password changes, potentially allowing administrator ...
CVE-2024-9861 Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated...
CVE-2024-9861
CVE-2024-9861 affects the Miniorange OTP Verification with Firebase WordPress plugin. Versions up to and including 3.6.0 fail to validate the OTP login token, enabling unauthenticated attackers to log in as any existing user (e.g., admin) if they know that user’s phone number. Multiple sources co...
WordPress plugin Miniorange OTP Verification with Firebase 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Miniorange OTP Verification with Firebase plugin <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value vulnerability
Privilege Escalation via Registration due to Administrator Default User Role Value vulnerability discovered by István Márton in WordPress Plugin Miniorange OTP Verification with Firebase versions = 3.6.0...
WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Broken Authentication
Software Miniorange OTP Verification with Firebase Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-9862 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 712edfb96dcd Credits...
WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Broken Authentication
Software Miniorange OTP Verification with Firebase Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9861 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID...
WordPress miniorange otp verification Plugin <= 4.2.1 is vulnerable to Broken Access Control
Software miniorange otp verification Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47776 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 60649c9bd1ee Credits Abdi Pranat...