First published: Mon Dec 09 2024(Updated: )
Missing Authorization vulnerability in miniOrange miniorange otp verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniorange otp verification: from n/a through 4.2.1.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress miniOrange OTP Verification Plugin | <=4.2.1 | |
miniorange OTP Verification with Firebase WordPress | <=4.2.1 |
Update the WordPress miniorange otp verification plugin to the latest available version (at least 4.2.2).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-47776 has been classified as a high-severity vulnerability due to missing authorization in the miniOrange OTP verification plugin.
To fix CVE-2023-47776, update the miniOrange OTP verification plugin to version 4.2.2 or later, which resolves the authorization issues.
CVE-2023-47776 affects the miniOrange OTP verification plugin for WordPress up to and including version 4.2.1.
CVE-2023-47776 is a missing authorization vulnerability that can lead to ineffective access control.
Yes, CVE-2023-47776 can be exploited if the access control settings are misconfigured, potentially allowing unauthorized access.