Filtered by vendor Miniorange
Subscriptions
Total
68 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41873 | 2 Miniorange, Wordpress | 2 Saml Sp Single Sign On, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4. | ||||
| CVE-2023-24375 | 2 Miniorange, Wordpress | 2 Wordpress Social Login And Register (discord, Google, Twitter, Linkedin), Wordpress | 2026-04-15 | 3.5 Low |
| Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.5.14. | ||||
| CVE-2023-52176 | 2 Miniorange, Wordpress | 2 Malware Scanner, Wordpress | 2026-04-15 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in miniorange Malware Scanner allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Malware Scanner: from n/a through 4.7.1. | ||||
| CVE-2024-9863 | 1 Miniorange | 1 Otp Verification | 2026-04-15 | 9.8 Critical |
| The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled. | ||||
| CVE-2023-25455 | 1 Miniorange | 1 Wordpress Social Login And Register \(discord\, Google\, Twitter\, Linkedin\) | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0. | ||||
| CVE-2025-39545 | 1 Miniorange | 1 Wordpress Rest Api Authentication | 2026-04-15 | N/A |
| Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through <= 3.6.3. | ||||
| CVE-2025-14948 | 3 Miniorange, Woocommerce, Wordpress | 3 Otp Verification, Woocommerce, Wordpress | 2026-04-15 | 5.3 Medium |
| The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `enable_wc_sms_notification` AJAX action in all versions up to, and including, 4.3.8. This makes it possible for unauthenticated attackers to enable or disable SMS notification settings for WooCommerce orders. | ||||
| CVE-2024-2172 | 1 Miniorange | 2 Malware Scanner, Web Application Firewall | 2026-04-15 | 9.8 Critical |
| The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web Application Firewall). This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator. | ||||
| CVE-2025-68974 | 2 Miniorange, Wordpress | 3 Social Login, Wordpress Social Login And Register (discord, Google, Twitter, Linkedin), Wordpress | 2026-04-15 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.7.0. | ||||
| CVE-2025-7665 | 2 Miniorange, Wordpress | 2 Otp Verification With Firebase, Wordpress | 2026-04-15 | 8.1 High |
| The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to Administrator. Premium features must be enabled in order to exploit the vulnerability. | ||||
| CVE-2025-54745 | 2 Miniorange, Wordpress | 2 Google Authenticator, Wordpress | 2026-04-15 | 6.5 Medium |
| Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-factor-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniOrange's Google Authenticator: from n/a through <= 6.1.1. | ||||
| CVE-2023-47683 | 2 Miniorange, Wordpress | 2 Wordpress Social Login And Register (discord, Google, Twitter, Linkedin), Wordpress | 2026-04-15 | 8 High |
| Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6. | ||||
| CVE-2025-53561 | 2 Miniorange, Wordpress | 2 Prevent Files \/ Folders Access, Wordpress | 2026-04-15 | N/A |
| Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal.This issue affects Prevent files / folders access: from n/a through <= 2.6.0. | ||||
| CVE-2024-0681 | 1 Miniorange | 1 Page Restriction | 2026-04-08 | 5.3 Medium |
| The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages and the restrictions will only apply to the front-end of the site. The vendors solution was to add notices throughout the dashboard and recommends installing the WordPress REST API Authentication plugin for REST API coverage. | ||||
| CVE-2023-3447 | 1 Miniorange | 1 Active Directory Integration \/ Ldap Integration | 2026-04-08 | 7.6 High |
| The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for attackers, with an existing account on a vulnerable WordPress instance, to extract potentially sensitive information from the LDAP directory. | ||||
| CVE-2023-3249 | 1 Miniorange | 1 Web3 - Crypto Wallet Login \& Nft Token Gating | 2026-04-08 | 9.8 Critical |
| The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the 'hidden_form_data' function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | ||||
| CVE-2024-11297 | 1 Miniorange | 1 Page Restriction | 2026-04-08 | 5.3 Medium |
| The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2024-11087 | 1 Miniorange | 1 Social Login | 2026-04-08 | 8.1 High |
| The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token. | ||||
| CVE-2023-4506 | 1 Miniorange | 1 Active Directory Integration \/ Ldap Integration | 2026-04-08 | 2.2 Low |
| The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server. | ||||
| CVE-2023-4505 | 1 Miniorange | 1 Staff \/ Employee Business Directory For Active Directory | 2026-04-08 | 2.2 Low |
| The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server. | ||||