Headline
CVE-2022-42461: WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability - Patchstack
Broken Access Control vulnerability in miniOrange’s Google Authenticator plugin <= 5.6.1 on WordPress.
Verified
Fixed
5.4
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 5.6.1
PSID
a637b68a17fd
Classification
Other Vulnerability Type
OWASP Top 10
A5: Broken Access Control
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-10-31
Details
Broken Access Control vulnerability leading to Plugin Settings Change discovered by Lana Codes (Patchstack Alliance) in WordPress miniOrange’s Google Authenticator plugin (versions <= 5.6.1).
Solution
Update the WordPress miniOrange’s Google Authenticator plugin to the latest available version (at least 5.6.2).
References