Vulnerabilities > CVE-2022-0875 - Unspecified vulnerability in Miniorange Google Authenticator

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

miniorange

NVD

Published: 2022-06-27

Updated: 2024-11-21

Summary

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks

Vulnerable Configurations

Part	Description	Count
Application	Miniorange Miniorange Google Authenticator 0.20 Miniorange Google Authenticator 0.30 Miniorange Google Authenticator 0.35 Miniorange Google Authenticator 0.36 Miniorange Google Authenticator 0.37 Miniorange Google Authenticator 0.38 Miniorange Google Authenticator 0.39 Miniorange Google Authenticator 0.40 Miniorange Google Authenticator 0.41 Miniorange Google Authenticator 0.42 Miniorange Google Authenticator 0.43 Miniorange Google Authenticator 0.44 Miniorange Google Authenticator 0.45 Miniorange Google Authenticator 0.46 Miniorange Google Authenticator 0.47 Miniorange Google Authenticator 0.48 Miniorange Google Authenticator 0.49 Miniorange Google Authenticator 0.50 Miniorange Google Authenticator 0.51 Miniorange Google Authenticator 0.52 Miniorange Google Authenticator 0.53 Miniorange Google Authenticator 0.54	22

Summary

Vulnerable Configurations

References