Overview
- Description
- The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the OTP login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the phone number associated with that user.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- security@wordfence.com
- CWE-288
Social media
- Hype score
- Not currently trending
CVE-2024-9861 (CVSS:8.1, HIGH) is Awaiting Analysis. The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up..https://t.co/trYMLqEFnZ #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
22 Oct 2024
CVE-2024-9861 The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missin… https://t.co/VkC0qa6piq
@CVEnew
CVE-2024-9861 Authentication Bypass in Miniorange OTP Plugin for WordPress 3.6.0 The Miniorange OTP Verification with Firebase plugin for WordPress, in versions up to 3.6.0, has an authentication bypass issue. Th... https://t.co/Wkw6dKLm3J
@VulmonFeeds