{"api_version":"1","generated_at":"2026-04-24T01:40:35+00:00","cve":"CVE-2022-0229","urls":{"html":"https://cve.report/CVE-2022-0229","api":"https://cve.report/api/cve/CVE-2022-0229.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-0229","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-0229"},"summary":{"title":"CVE-2022-0229","description":"The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.","state":"PUBLIC","assigner":"contact@wpscan.com","published_at":"2022-03-21 19:15:00","updated_at":"2023-11-07 03:41:00"},"problem_types":["CWE-352","CWE-862"],"metrics":[],"references":[{"url":"https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351","name":"https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351","refsource":"MISC","tags":[],"title":"Attention Required! | Cloudflare","mime":"text/html","httpstatus":"403","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-0229","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0229","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"229","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"google_authenticator","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-0229","ASSIGNER":"contact@wpscan.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-862 Missing Authorization"}]},{"description":[{"lang":"eng","value":"CWE-352 Cross-Site Request Forgery (CSRF)"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Unknown","product":{"product_data":[{"product_name":"miniOrange's Google Authenticator","version":{"version_data":[{"version_affected":"<","version_name":"0","version_value":"5.5"}]}}]}}]}},"references":{"reference_data":[{"url":"https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351","refsource":"MISC","name":"https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351"}]},"generator":{"engine":"WPScan CVE Generator"},"source":{"discovery":"EXTERNAL"},"credits":[{"lang":"en","value":"Krzysztof ZajÄ…c"},{"lang":"en","value":"WPScan"}]},"nvd":{"publishedDate":"2022-03-21 19:15:00","lastModifiedDate":"2023-11-07 03:41:00","problem_types":["CWE-352","CWE-862"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:miniorange:google_authenticator:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"5.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"229","Ordinal":"225901","Title":"CVE-2022-0229","CVE":"CVE-2022-0229","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"229","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}