Otp Verification With Firebase Security Vulnerabilities and Issues — Otp Verification With Firebase CVE List

Lucene search

MiniorangeOtp Verification With Firebase

3 matches found

CVE•added 2024/10/17 2:15 a.m.•41 views

CVE-2024-9863

The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the reg...

9.8CVSS9.7AI score0.00234EPSS

CVE•added 2024/10/17 2:15 a.m.•38 views

CVE-2024-9862

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and the...

9.8CVSS9.6AI score0.00476EPSS

CVE•added 2024/10/17 2:15 a.m.•37 views

CVE-2024-9861

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated attack...

8.1CVSS8.2AI score0.00222EPSS