Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-11-21
CVE-2022-1321 - Google Authenticator Plugin
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
PLUGIN
Google Authenticator
CVE-2022-1321
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-0875 - Google Authenticator Plugin
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
PLUGIN
Google Authenticator
CVE-2022-0875
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-0229 - Google Authenticator Plugin
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.
PLUGIN
Google Authenticator
CVE-2022-0229
Risk Score