Google Authenticator – WordPress 2FA, MFA, OTP SMS and Email

This information is sourced from wpvulnerabilities.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Vulnerabilities

  • Input validation vulnerability in miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login 5.4.39

    Fixed

    The miniOrange Google Authenticator plugin for WordPress is not secure in versions up to 5.4.39. It is vulnerable to a type of attack called Reflected Cross-Site Scripting, which lets an unauthentica...

    Read More
  • Access violation vulnerability in miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login 5.4.52

    Fixed

    MiniOrange's Google Authenticator WordPress plugin before version 5.5 had a security issue. It did not have the proper safeguards in place to protect against unauthorized changes or malicious attempts...

    Read More
  • Input validation vulnerability in miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login 5.5.7

    Fixed

    The miniOrange's Google Authenticator plugin for WordPress is a security feature that can be vulnerable to a type of attack called Reflected Cross-Site Scripting. This is when malicious code can be i...

    Read More
  • Input validation vulnerability in miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login 5.6.1

    Fixed

    MiniOrange's Google Authenticator plugin for WordPress can be vulnerable to Cross-Site Request Forgery if it is using versions up to 5.6.1. This means that an unauthenticated attacker could make a fa...

    Read More
  • Access violation vulnerability in miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login 5.6.1

    Fixed

    The miniOrange plugin for WordPress

    Read More
  • Access violation vulnerability in miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login 5.6.1

    Fixed

    The miniOrange Google Authenticator WordPress plugin has a security issue that could allow unauthorized people to change its settings. This affects all versions of the plugin up to and including 5.6.1...

    Read More
  • Access violation vulnerability in miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login 5.6.5

    Fixed

    MiniOrange's Google Authenticator plugin for WordPress

    Read More
  • Input validation vulnerability in miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login 5.5.5

    Fixed

    Read More
  • Access violation vulnerability in miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login 5.5.82

    Fixed

    The miniOrange Google Authenticator plugin for WordPress is vulnerable to an authorization bypass. This means that attackers with subscriber-level permissions (or higher) can use the plugin to access...

    Read More