Miniorange Google Authenticator — known CVE vulnerabilities
Every CVE whose affected-product data names Miniorange Google Authenticator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2022-0229 — CVSS 8.1 (high): The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the…
CVE-2022-44589 — CVSS 8.1 (high): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two…
CVE-2022-4943 — CVSS 7.5 (high): The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when…
CVE-2022-42461 — CVSS 5.4 (medium): Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress.
CVE-2022-1321 — CVSS 4.8 (medium): The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious…
CVE-2022-0875 — CVSS 4.3 (medium): The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as…