
4 matches found

OSV
added 2022/03/21 7:15 p.m. · 2 views

CVE-2022-0229

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog,...

CVSS 8.1 · AI score 7.4
Exploits 0 · References 1

ATTACKERKB
added 2022/03/21 7:15 p.m. · 6 views

CVE-2022-0229

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog,...

CVSS 8.1 · AI score 7.6 · EPSS 0.00538
Exploits 2 · References 2

Positive Technologies
added 2022/03/21 12:0 a.m. · 5 views

PT-2022-13048 · Miniorange · Google Authenticator Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: miniOrange's Google Authenticator WordPress plugin versions prior to 5.5

Description: The issue arises from the lack of proper authorization and CSRF checks when handling the reconfigureMethod, and improper validation of parameters passed to...

CVSS 8.1 · AI score 8.1 · EPSS 0.00538
Exploits 2 · References 5

wpexploit
added 2022/02/28 12:0 a.m. · 233 views

miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion

The plugin does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. Note: The initial issue was fixed in...

CVSS 8.1 · AI score 3.2 · EPSS 0.00538
Exploits 2