3 matches found
CVE-2025-7665
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handlemofirebaseformoptions' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...
PT-2025-38531
Name of the Vulnerable Software and Affected Versions Miniorange OTP Verification with Firebase plugin for WordPress versions 3.1.0 through 3.6.2 Description The Miniorange OTP Verification with Firebase plugin for WordPress is susceptible to privilege escalation. A missing capability check on th...
PT-2024-39894 · WordPress · Miniorange Otp Verification With Firebase
Name of the Vulnerable Software and Affected Versions: Miniorange OTP Verification with Firebase plugin for WordPress versions up to, and including, 3.6.0 Description: The issue allows unauthenticated attackers to change user passwords and potentially take over administrator accounts due to the...