WordPress Plugin Vulnerabilities

miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion

Description

The plugin does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.

Note: The initial issue was fixed in 5.4.49, however v5.5 also fixed the fact that any authenticated could call the reconfigure method against another user

Proof of Concept

https://example.com/?reconfigureMethod=1&transactionId=siteurl&user_id=siteurl

Affects Plugins

miniorange-2-factor-authentication

Fixed in version 5.5

References

CVE

CVE-2022-0229

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

d70c5335-4c01-448d-85fc-f8e75b104351

Timeline

Publicly Published

2022-02-28 (about 7 months ago)

Added

2022-02-28 (about 7 months ago)

Last Updated

2022-04-09 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin