Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login 5.5.82

  • Severity: medium-risk
  • Status: Fixed
  • Publication: September 16, 2022

The miniOrange Google Authenticator plugin for WordPress is vulnerable to an authorization bypass. This means that attackers with subscriber-level permissions (or higher) can use the plugin to access or control certain parts of the system. For example, the attacker could terminate scans that were meant to check for malicious activity, or repeatedly start new scans to cause the system to run out of resources. They could also find out the status of the last scan, which may help them gain access to the site or server.

Detected in:

Google Authenticator – 2FA, MFA, OTP SMS and Email fixed vulnerable versions:
Google Authenticator – WordPress 2FA, MFA, OTP SMS and Email fixed vulnerable versions:
Google Authenticator – WordPress 2FA, OTP SMS and Email fixed vulnerable versions:
miniOrange 2-factor Authentication (2FA with SMS, Email, Google Authenticator) fixed vulnerable versions:
miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login fixed vulnerable versions: >= * <= 5.5.82
miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA, Two Factor, OTP SMS and Email | Passwordless login fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.