[CYBERDIGEST]
⊞ Dashboard ⚡ Intelligence 📝 Reports 📚 Global Threats 💻 Hack Lab 🗄️ Resources ⌬ 0xJerry's Lab
📡 RSS Feed
System Online

Tag

#CVE-2026-14245

articleCRITICAL 9.8

CVE-2026-14245: Critical Authentication Bypass in miniOrange OTP Login, Verification and SMS Notifications Plugin

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover. This vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to take control of an arbitrary Administrator account. The plugin's flawed implementation of the password reset process enables attackers to obtain a freshly generated password-reset URL for an Administrator account. Immediate patching is recommended.

Jul 10, 20261 source