CVE-2022-0875 – The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when savin …

Vuln ID: CVE-2022-0875

Published:  2022-06-27  09:15:08Z

Description: The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks

Source: NVD.NIST.GOV

 


Date:

Categorie(s):

Tag(s):