Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification 4.2.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: November 14, 2023

The miniorange otp verification plugin for WordPress has a security vulnerability in versions 4.2.1 and earlier. This vulnerability makes it possible for people with a subscriber-level account or above to dismiss notices that are intended for admins. This means that important information may not be seen by the right people. It is important to update the plugin to the latest version to ensure that notices are being seen by the right people.

Detected in:

Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification fixed vulnerable versions: >= * <= 4.2.1
miniOrange OTP Login, Verification and SMS Notifications fixed vulnerable versions:
OTP Verification / Email Verification / SMS Verification / OTP Authentication / SMS Notification fixed vulnerable versions:
OTP Verification / Email Verification / SMS Verification / OTP Authentication / WooCommerce Notification fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.