Update the WordPress miniOrange's Google Authenticator plugin to the latest available version (at least 5.6.2).
Calvin Alkan discovered and reported this Sensitive Data Exposure vulnerability in WordPress miniOrange's Google Authenticator Plugin. This vulnerability has been fixed in version 5.6.2.
Broken Access Control vulnerability
Reflected CrossSite Scripting (XSS) vulnerability
Authenticated Stored CrossSite Scripting (XSS) vulnerability
Unauthenticated Arbitrary Options Deletion vulnerability