CVE-2022-4943

Name of the Vulnerable Software and Affected Versions miniOrange's Google Authenticator plugin for WordPress versions up to, and including, 5.6.5

Description The issue is related to a missing capability check when changing plugin settings, which allows unauthenticated attackers to modify the plugin's settings. This could potentially lead to unauthorized changes to the plugin's configuration.

Recommendations For versions up to, and including, 5.6.5, update to a version higher than 5.6.5 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings page to prevent unauthorized changes until a patch is available.