Update the WordPress miniOrange's Google Authenticator plugin to the latest available version (at least 5.6.2).
Lana Codes discovered and reported this Broken Access Control vulnerability in WordPress miniOrange's Google Authenticator Plugin. This vulnerability has been fixed in version 5.6.2.
Factor Authentication plugin <= 5.6.1 Sensitive Data Exposure vulnerability
23.11.2022
Reflected CrossSite Scripting (XSS) vulnerability
27.06.2022
Authenticated Stored CrossSite Scripting (XSS) vulnerability
06.06.2022
Unauthenticated Arbitrary Options Deletion vulnerability
28.02.2022