VYPR

Miniorange OTP Verification with Firebase

by WordPress

CVEs (1)

  • CVE-2025-7665HigSep 19, 2025
    risk 0.53cvss 8.1epss 0.00

    The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update…