The plugin does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
v < 1.0.4 v < 1.0.5
CPE | Name | Operator | Version |
---|---|---|---|
miniorange-google-authenticator | eq | * |