{"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2023-07-24T09:24:30.129Z"},"title":"miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion","problemTypes":[{"descriptions":[{"description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]},{"descriptions":[{"description":"CWE-352 Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"miniOrange's Google Authenticator","versions":[{"status":"affected","versionType":"custom","version":"0","lessThan":"5.5"}],"defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins"}],"descriptions":[{"lang":"en","value":"The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable."}],"references":[{"url":"https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Krzysztof ZajÄ…c","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:18:42.888Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2022-0229","datePublished":"2022-03-21T18:55:42.000Z","dateReserved":"2022-01-14T00:00:00.000Z","dateUpdated":"2024-08-02T23:18:42.888Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}