The plugin does not have proper Cross-Site Request Forgery (CSRF) check in some places, which could allow attackers to make logged in admins perform unwanted actions via Cross-Site Request Forgery (CSRF) attacks.
miniOrange’s Google Authenticator by miniOrange <= 5.5.82 - CSRF
LANACOMMONVDB ID: d1232cad-c088-486b-8530-377814d60d31