Google Authenticator
CVE-2022-42461
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress.
AnalysisAI
Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. Affected products include: Miniorange Google Authenticator.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Google Authenticator
View allThe miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks whe
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, l
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not s
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capabi
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today