[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7Ja-_Y1HS8HzqRJMjsiiaAdoT0KagnE8BIZv8q8v3M4":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-44589","minioranges-google-authenticator-sensitive-data-exposure-of-multifactor-backup-codes","miniOrange's Google Authenticator \u003C= 5.6.1 - Sensitive Data Exposure of Multifactor Backup Codes","The miniOrange's Google Authenticator plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 5.6.1 via functions such as 'mo_wpns_get_progress' and 'mo2f_use_backup_codes'. This can allow attackers to extract sensitive data about multifactor authentication backup codes, and information about plugin malware scans.","miniorange-2-factor-authentication",null,"\u003C=5.6.1","5.6.2","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2022-11-23 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa0e54185-a917-49cd-b99d-5b773a7ed06a?source=api-prod",426]