Description
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: Version before 5.5 (exclusive)
cpe:2.3:a:miniorange:google_authenticator:*:*:*:*:*:wordpress:*:*
EPSS: 0.00233 (Low), percentile: 46%
CVSS3: 8.1 High
CVSS2: 5.8 Medium
Weaknesses
CWE-352
Related vulnerabilities
CVSS3: 8.1
github
almost 4 years ago
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.