2023-10-20 07:29:21
Wordfence
PUBLISHED
The miniOranges Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugins settings.