Search criteria
2 vulnerabilities found for Login With OTP Over SMS, Email, WhatsApp and Google Authenticator by Unknown
CVE-2022-1994 (GCVE-0-2022-1994)
Vulnerability from nvd – Published: 2022-06-27 08:59 – Updated: 2024-08-03 00:24
VLAI
Title
Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting
Summary
The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/114d94be-b567-4b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Login With OTP Over SMS, Email, WhatsApp and Google Authenticator |
Affected:
1.0.8 , < 1.0.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/114d94be-b567-4b4b-9a44-f2c05cdbe18e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Login With OTP Over SMS, Email, WhatsApp and Google Authenticator",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.0.8",
"status": "affected",
"version": "1.0.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Niraj Mahajan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T08:59:16.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/114d94be-b567-4b4b-9a44-f2c05cdbe18e"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Google Authenticator \u003c 1.0.8 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1994",
"STATE": "PUBLIC",
"TITLE": "Google Authenticator \u003c 1.0.8 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Login With OTP Over SMS, Email, WhatsApp and Google Authenticator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.8",
"version_value": "1.0.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Niraj Mahajan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/114d94be-b567-4b4b-9a44-f2c05cdbe18e",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/114d94be-b567-4b4b-9a44-f2c05cdbe18e"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1994",
"datePublished": "2022-06-27T08:59:16.000Z",
"dateReserved": "2022-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:43.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1994 (GCVE-0-2022-1994)
Vulnerability from cvelistv5 – Published: 2022-06-27 08:59 – Updated: 2024-08-03 00:24
VLAI
Title
Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting
Summary
The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Severity
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/114d94be-b567-4b… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Login With OTP Over SMS, Email, WhatsApp and Google Authenticator |
Affected:
1.0.8 , < 1.0.8
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/114d94be-b567-4b4b-9a44-f2c05cdbe18e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Login With OTP Over SMS, Email, WhatsApp and Google Authenticator",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.0.8",
"status": "affected",
"version": "1.0.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Niraj Mahajan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T08:59:16.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/114d94be-b567-4b4b-9a44-f2c05cdbe18e"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Google Authenticator \u003c 1.0.8 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1994",
"STATE": "PUBLIC",
"TITLE": "Google Authenticator \u003c 1.0.8 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Login With OTP Over SMS, Email, WhatsApp and Google Authenticator",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.8",
"version_value": "1.0.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Niraj Mahajan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/114d94be-b567-4b4b-9a44-f2c05cdbe18e",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/114d94be-b567-4b4b-9a44-f2c05cdbe18e"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1994",
"datePublished": "2022-06-27T08:59:16.000Z",
"dateReserved": "2022-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:43.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}