Access violation vulnerability in miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login 5.5.82

The miniOrange Google Authenticator plugin for WordPress is vulnerable to an authorization bypass. This means that attackers with subscriber-level permissions (or higher) can use the plugin to access or control certain parts of the system. For example, the attacker could terminate scans that were meant to check for malicious activity, or repeatedly start new scans to cause the system to run out of resources. They could also find out the status of the last scan, which may help them gain access to the site or server.

Detected in:

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

The version comparison shows which versions are vulnerable. For example, >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
