Search criteria

2 vulnerabilities found for miniOrange's Google Authenticator by Unknown

CVE-2022-0229 (GCVE-0-2022-0229)

Vulnerability from cvelistv5 – Published: 2022-03-21 18:55 – Updated: 2024-08-02 23:18
VLAI?
Title
miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion
Summary
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.
Severity ?
No CVSS data available.
CWE
Assigner
References
https://wpscan.com/vulnerability/d70c5335-4c01-44… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown miniOrange's Google Authenticator Affected: 0 , < 5.5 (custom)
Create a notification for this product.
Credits
Krzysztof Zając WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:42.888Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "miniOrange\u0027s Google Authenticator",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Krzysztof Zaj\u0105c"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The miniOrange\u0027s Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-24T09:24:30.129Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "miniOrange\u0027s Google Authenticator \u003c 5.5 - Unauthenticated Arbitrary Options Deletion",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-0229",
    "datePublished": "2022-03-21T18:55:42",
    "dateReserved": "2022-01-14T00:00:00",
    "dateUpdated": "2024-08-02T23:18:42.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0229 (GCVE-0-2022-0229)

Vulnerability from nvd – Published: 2022-03-21 18:55 – Updated: 2024-08-02 23:18
VLAI?
Title
miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion
Summary
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.
Severity ?
No CVSS data available.
CWE
Assigner
References
https://wpscan.com/vulnerability/d70c5335-4c01-44… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown miniOrange's Google Authenticator Affected: 0 , < 5.5 (custom)
Create a notification for this product.
Credits
Krzysztof Zając WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:42.888Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "miniOrange\u0027s Google Authenticator",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Krzysztof Zaj\u0105c"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The miniOrange\u0027s Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-24T09:24:30.129Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "miniOrange\u0027s Google Authenticator \u003c 5.5 - Unauthenticated Arbitrary Options Deletion",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2022-0229",
    "datePublished": "2022-03-21T18:55:42",
    "dateReserved": "2022-01-14T00:00:00",
    "dateUpdated": "2024-08-02T23:18:42.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}