2 matches found
CVE-2025-7665
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handlemofirebaseformoptions' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...
PT-2025-38531
Name of the Vulnerable Software and Affected Versions Miniorange OTP Verification with Firebase plugin for WordPress versions 3.1.0 through 3.6.2 Description The Miniorange OTP Verification with Firebase plugin for WordPress is susceptible to privilege escalation. A missing capability check on th...