Search criteria
2 vulnerabilities found for Google Authenticator by Unknown
CVE-2022-0875 (GCVE-0-2022-0875)
Vulnerability from cvelistv5 – Published: 2022-06-27 08:55 – Updated: 2024-08-02 23:40
VLAI?
Title
miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting
Summary
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Google Authenticator |
Affected:
1.0.5 , < 1.0.5
(custom)
|
Credits
Niraj Mahajan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fefc1411-594d-465b-aeb9-78c141b23762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Authenticator",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.0.5",
"status": "affected",
"version": "1.0.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Niraj Mahajan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T08:55:54",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/fefc1411-594d-465b-aeb9-78c141b23762"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "miniOrange Google Authenticator \u003c 1.0.5 - CSRF to Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0875",
"STATE": "PUBLIC",
"TITLE": "miniOrange Google Authenticator \u003c 1.0.5 - CSRF to Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Authenticator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.5",
"version_value": "1.0.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Niraj Mahajan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/fefc1411-594d-465b-aeb9-78c141b23762",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fefc1411-594d-465b-aeb9-78c141b23762"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0875",
"datePublished": "2022-06-27T08:55:54",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-02T23:40:04.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0875 (GCVE-0-2022-0875)
Vulnerability from nvd – Published: 2022-06-27 08:55 – Updated: 2024-08-02 23:40
VLAI?
Title
miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting
Summary
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Google Authenticator |
Affected:
1.0.5 , < 1.0.5
(custom)
|
Credits
Niraj Mahajan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/fefc1411-594d-465b-aeb9-78c141b23762"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Google Authenticator",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.0.5",
"status": "affected",
"version": "1.0.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Niraj Mahajan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T08:55:54",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/fefc1411-594d-465b-aeb9-78c141b23762"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "miniOrange Google Authenticator \u003c 1.0.5 - CSRF to Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0875",
"STATE": "PUBLIC",
"TITLE": "miniOrange Google Authenticator \u003c 1.0.5 - CSRF to Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Authenticator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.5",
"version_value": "1.0.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Niraj Mahajan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/fefc1411-594d-465b-aeb9-78c141b23762",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/fefc1411-594d-465b-aeb9-78c141b23762"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0875",
"datePublished": "2022-06-27T08:55:54",
"dateReserved": "2022-03-07T00:00:00",
"dateUpdated": "2024-08-02T23:40:04.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}