miniOrange 2FA – Two-Factor Authentication for WordPress (SMS, Email & Google Authenticator)

Vulnerabilities 13Slug miniorange-2-factor-authenticationLatest version 6.2.4WordPress.org →

Minimum safe version

6.1.2

Update to 6.1.2 or later to address 13 fixable vulnerabilities

Latest available6.2.4 ✓

Medium 6.5

2025-12-18< 6.1.2

CVE-2025-54745

CVE Wordfence

N/A

< 5.4.40

miniOrange's Google Authenticator < 5.4.40 - Reflected Cross-Site Scripting

WPScan

N/A

< 5.5.75

miniOrange's Google Authenticator < 5.5.75 - Reflected Cross-Site Scripting

WPScan

Medium 5.3

2023-10-20< 5.6.6

CVE-2022-4943

CVE Patchstack Wordfence WPScan

N/A

2021-08-10< 5.4.40

miniOrange's Google Authenticator <= 5.4.39 - Cross-Site Scripting

Wordfence

N/A

2022-06-27< 5.5.75

miniOrange's Google Authenticator <= 5.5.7 - Reflected Cross-Site Scripting

Wordfence

N/A

2022-09-16< 5.6.0

miniOrange's Google Authenticator <= 5.5.82 - Missing Authorization

Wordfence

N/A

2022-11-01< 5.6.2

miniOrange's Google Authenticator <= 5.6.1 - Cross-Site Request Forgery to Malware Scan Termination

Wordfence

High 8.1

2023-12-29< 5.6.2

CVE-2022-44589

CVE Patchstack Wordfence

Medium 5.4

2022-11-18< 5.6.2

CVE-2022-42461

CVE Patchstack Wordfence WPScan

N/A

2022-06-27< 5.5.75

WordPress miniOrange's Google Authenticator plugin <= 5.5.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack

Medium 4.8

2022-06-27< 5.5.6

CVE-2022-1321

CVE Patchstack Wordfence WPScan

High 8.1

2022-03-21< 5.5

CVE-2022-0229

CVE Patchstack Wordfence WPScan