Vulnerabilities and security researches forminiorange-otp-verification miniorange-otp-verification

Jul 22, 2024

CVE, Research URL: 621f296b6870e58890ecf2cecbb450d88fff0326
Home page URL: Security reports for Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification
Application: Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification
Date: Nov 14, 2023
Research Description: Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification [miniorange-otp-verification] < 4.2.2 WordPress miniorange otp verification Plugin <= 4.2.1 is vulnerable to Broken Access Control Update the WordPress miniorange otp verification plugin to the latest available version (at least 4.2.2). Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress miniorange otp verification Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has been fixed in version 4.2.2.
Affected versions: max 4.2.2.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-47776
Home page URL: Security reports for Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification
Application: Email Verification / SMS Verification / OTP Verification / OTP Authentication / WooCommerce Notification
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in miniOrange miniorange otp verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniorange otp verification: from n/a through 4.2.1.
Affected versions: max 4.2.2.
Status: vulnerable