Vulnerability Details CVE-2022-0875
The Google Authenticator WordPress plugin before 1.0.5 does not have a CSRF check when saving its settings, and does not sanitise or escape them, allowing attackers to make a logged-in admin change them and perform Cross-Site Scripting attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.4%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.3
Products affected by CVE-2022-0875
- cpe:2.3:a:miniorange:google_authenticator:0.20
- cpe:2.3:a:miniorange:google_authenticator:0.30
- cpe:2.3:a:miniorange:google_authenticator:0.35
- cpe:2.3:a:miniorange:google_authenticator:0.36
- cpe:2.3:a:miniorange:google_authenticator:0.37
- cpe:2.3:a:miniorange:google_authenticator:0.38
- cpe:2.3:a:miniorange:google_authenticator:0.39
- cpe:2.3:a:miniorange:google_authenticator:0.40
- cpe:2.3:a:miniorange:google_authenticator:0.41
- cpe:2.3:a:miniorange:google_authenticator:0.42
- cpe:2.3:a:miniorange:google_authenticator:0.43
- cpe:2.3:a:miniorange:google_authenticator:0.44
- cpe:2.3:a:miniorange:google_authenticator:0.45
- cpe:2.3:a:miniorange:google_authenticator:0.46
- cpe:2.3:a:miniorange:google_authenticator:0.47
- cpe:2.3:a:miniorange:google_authenticator:0.48
- cpe:2.3:a:miniorange:google_authenticator:0.49
- cpe:2.3:a:miniorange:google_authenticator:0.50
- cpe:2.3:a:miniorange:google_authenticator:0.51
- cpe:2.3:a:miniorange:google_authenticator:0.52
- cpe:2.3:a:miniorange:google_authenticator:0.53
- cpe:2.3:a:miniorange:google_authenticator:0.54