CVE-2022-1994

Summary

The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

Affected Software

VendorProductVersion RangeStatus
UnknownLogin With OTP Over SMS, Email, WhatsApp and Google Authenticator1.0.8 < 1.0.8affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References