Privilege Escalation in miniOrange OTP Verification Plugin by miniOrange
CVE-2026-42731

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Miniorange Otp Verification
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-42731?

The miniOrange OTP Verification plugin for WordPress is susceptible to an Incorrect Privilege Assignment vulnerability. This flaw allows attackers to escalate their privileges, potentially gaining unauthorized access to sensitive functionalities. The issue affects all versions of the miniOrange OTP Verification plugin up to and including version 5.4.9. It is crucial for users to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

miniorange otp verification 0 <= 5.4.9

References

https://patchstack.com/database/Wordpress/Plugin/minioran...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

Peng Zhou | Patchstack Bug Bounty Program

CVE-2026-42731 Data

JSON