Security Advisory

CVE-2022-1321

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-06-27 08:56:28

Last updated 2024-08-03 00:03:05

Assigner WPScan

State PUBLISHED

Description

The miniOranges Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)

← Browse all CVEs View on cve.org ↗