CVE-2022-0875

The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
References
Configurations

Configuration 1

cpe:2.3:a:miniorange:google_authenticator:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-06-27 09:15

Updated : 2022-07-07 02:52


NVD link : CVE-2022-0875

Mitre link : CVE-2022-0875

Products Affected
No products.
CWE