Security Advisory

CVE-2022-0229

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-21 18:55:42

Last updated 2024-08-02 23:18:42

Assigner WPScan

State PUBLISHED

Description

The miniOranges Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.

← Browse all CVEs View on cve.org ↗