Lucene search
K

19 matches found

CVE
CVE
added 2026/05/27 9:49 a.m.27 views

CVE-2026-42731

CVE-2026-42731 affects the WordPress plugin miniorange OTP verification (miniorange-otp-verification) up to and including version 5.4.9. Root cause: Incorrect Privilege Assignment leading to Privilege Escalation . Affected component: the plugin’s privilege handling; impact is described as high (c...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43643

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/24 9:1 a.m.10 views

WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Peng Zhou in WordPress Plugin miniorange otp verification versions = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.4 views

WordPress plugin miniOrange OTP Verification and SMS Notification for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.5AI score0.00227EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-50168

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00581EPSS
Exploits0References3
NVD
NVD
added 2025/09/19 1:15 p.m.7 views

CVE-2025-7665

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handlemofirebaseformoptions' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...

8.1CVSS0.00345EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 4:18 a.m.12 views

CVE-2024-9861

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated...

8.1CVSS7.1AI score0.00604EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/09 11:30 a.m.12 views

CVE-2023-47776 WordPress miniorange otp verification plugin <= 4.2.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniorange otp verification: from n/a through = 4.2.1...

4.3CVSS7.3AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.5 views

PT-2024-13489 · Miniorange · Miniorange Otp Verification

Name of the Vulnerable Software and Affected Versions: miniorange otp verification versions n/a through 4.2.1 Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation due to incorrectly configured access control security levels. Recommendations: For...

4.3CVSS9.5AI score0.00328EPSS
Exploits0References3
NVD
NVD
added 2024/10/17 2:15 a.m.15 views

CVE-2024-9861

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated...

8.1CVSS0.00604EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/17 2:6 a.m.19 views

CVE-2024-9863 Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'defaultuserrole' option. This makes it possible for unauthenticated attackers to register an administrator user even if the...

9.8CVSS9.6AI score0.00581EPSS
Exploits0References3
CVE
CVE
added 2024/10/17 2:6 a.m.58 views

CVE-2024-9862

The CVE-2024-9862 entry concerns the Miniorange OTP Verification with Firebase plugin for WordPress. Affects versions up to and including 3.6.0 where user-controlled access to objects and a missing current-password check enable unauthenticated password changes, potentially allowing administrator ...

9.8CVSS9.6AI score0.00581EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/17 2:5 a.m.11 views

CVE-2024-9861 Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated...

8.1CVSS7.2AI score0.00604EPSS
Exploits0References4
CVE
CVE
added 2024/10/17 2:5 a.m.55 views

CVE-2024-9861

CVE-2024-9861 affects the Miniorange OTP Verification with Firebase WordPress plugin. Versions up to and including 3.6.0 fail to validate the OTP login token, enabling unauthenticated attackers to log in as any existing user (e.g., admin) if they know that user’s phone number. Multiple sources co...

8.1CVSS8.2AI score0.00604EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/10/17 12:0 a.m.3 views

WordPress plugin Miniorange OTP Verification with Firebase 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

9.8CVSS6.7AI score0.00581EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/10/16 1:4 p.m.6 views

WordPress Miniorange OTP Verification with Firebase plugin <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value vulnerability

Privilege Escalation via Registration due to Administrator Default User Role Value vulnerability discovered by István Márton in WordPress Plugin Miniorange OTP Verification with Firebase versions = 3.6.0...

9.8CVSS7AI score0.00581EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/16 12:0 a.m.13 views

WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Broken Authentication

Software Miniorange OTP Verification with Firebase Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A1: Broken Access Control Classification Broken Authentication CVE CVE-2024-9862 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 712edfb96dcd Credits...

9.8CVSS6.5AI score0.00581EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/16 12:0 a.m.17 views

WordPress Miniorange OTP Verification with Firebase Plugin <= 3.6.0 is vulnerable to Broken Authentication

Software Miniorange OTP Verification with Firebase Type Plugin Vulnerable versions = 3.6.0 Fixed in 3.6.1 OWASP Top 10 A7: Identification and Authentication Failures Classification Broken Authentication CVE CVE-2024-9861 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID...

8.1CVSS6.5AI score0.00604EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/11/14 12:0 a.m.8 views

WordPress miniorange otp verification Plugin <= 4.2.1 is vulnerable to Broken Access Control

Software miniorange otp verification Type Plugin Vulnerable versions = 4.2.1 Fixed in 4.2.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47776 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 60649c9bd1ee Credits Abdi Pranat...

6.6AI score0.00328EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder