Skip to main content

Google Authenticator

6 CVEs product

Monthly

CVE-2022-44589 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator - WordPress Two Factor Authentication - 2FA , Two Factor, OTP SMS and Email |. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google WordPress Google Authenticator
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2022-4943 HIGH This Week

The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google WordPress Google Authenticator
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-42461 HIGH This Week

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Privilege Escalation WordPress Google Authenticator
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-1321 MEDIUM POC This Month

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Google Authenticator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2022-0875 MEDIUM POC This Month

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS CSRF WordPress Google Authenticator
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-0229 HIGH POC This Week

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google CSRF WordPress Google Authenticator
NVD WPScan
CVSS 3.1
8.1
EPSS
0.5%
EPSS 1% CVSS 8.1
HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator - WordPress Two Factor Authentication - 2FA , Two Factor, OTP SMS and Email |. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google WordPress +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google WordPress +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Privilege Escalation WordPress +1
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress +1
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS CSRF +2
NVD WPScan
EPSS 1% CVSS 8.1
HIGH POC This Week

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google CSRF WordPress +1
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy