CVE-2022-44589
HIGH
8,1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
AI Translation Available
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0069
Percentile
0,7th
Updated
EPSS Score Trend (Last 90 Days)
200
Exposure of Sensitive Information to an Unauthorized Actor
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies:
Mobile, Not Technology-Specific, Web Based
Application
Google Authenticator by Miniorange
Version Range Affected
To
5.6.2
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:miniorange:google_authenticator:*:*:*:*:*:wordpress:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://patchstack.com/database/vulnerability/miniorange-2-factor-authenticatio…
https://patchstack.com/database/vulnerability/miniorange-2-factor-authenticatio…