Miniorange Otp Login Verification And Sms Notifications
Monthly
Authentication bypass in the miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress (versions up to and including 5.5.1) lets unauthenticated attackers take over any Administrator account. Because um_reset_password_process_hook() never verifies server-side that the OTP step was completed and trusts a form_nonce that the plugin itself hands to anonymous visitors via the moumprvar JavaScript object, an attacker can supply an arbitrary username_b value to receive a fresh password-reset URL for any user in the 302 Location header. No public exploit identified at time of analysis, but the flaw is trivially scriptable and carries a critical 9.8 CVSS score.
Authentication bypass in the miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress (versions up to and including 5.5.1) lets unauthenticated attackers take over any Administrator account. Because um_reset_password_process_hook() never verifies server-side that the OTP step was completed and trusts a form_nonce that the plugin itself hands to anonymous visitors via the moumprvar JavaScript object, an attacker can supply an arbitrary username_b value to receive a fresh password-reset URL for any user in the 302 Location header. No public exploit identified at time of analysis, but the flaw is trivially scriptable and carries a critical 9.8 CVSS score.