CVE-2022-1321

Name of the Vulnerable Software and Affected Versions miniOrange's Google Authenticator WordPress plugin versions prior to 5.5.6

Description The issue allows malicious users with administrator privileges to store malicious Javascript code, leading to Cross-Site Scripting attacks when unfiltered html is disallowed, such as in a multisite setup.

Recommendations For versions prior to 5.5.6, update to version 5.5.6 or later to resolve the issue. As a temporary workaround, consider restricting administrator privileges and ensuring proper input validation and sanitization for all plugin settings.