CVE-2026-14245 | miniOrange OTP Login, Verification and SMS Notifications Plugin Password Reset um_reset_password_process_hook password recovery
A vulnerability, which was classified as critical, was found in miniOrange OTP Login, Verification and SMS Notifications Plugin up to 5.5.1. This affects the function um_reset_password_process_hook of the component Password Reset. The manipulation of the argument username_b results in weak password recovery.
This vulnerability was named CVE-2026-14245. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More