334 matches found
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
CVE-2025-39545
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through = 3.6.3...
CVE-2025-39545
Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through = 3.6.3...
CVE-2024-11087
The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...
CVE-2024-11087
The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...
CVE-2024-11087
The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...
CVE-2024-11087
CVE-2024-11087 relates to the miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon for WordPress. The vulnerability is an authentication bypass introduced by insufficient verification on the user returned by the social login token, allowing unauthenticated attackers...
CVE-2024-11087 miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass
The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...
CVE-2024-11087 miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass
The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...
WordPress miniOrange Social Login and Register Pro Addon plugin <= 200.3.9 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by wesley wcraft in WordPress Plugin miniOrange Social Login and Register Pro Addon versions = 200.3.9...
WordPress plugin miniOrange Social Login and Register 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An authorization issue vulnerability...
CVE-2022-34155
Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO OAuth Client plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO OAuth Client: from n/a through 6.23.3...
CVE-2022-44589
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor...
CVE-2024-9862
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...
CVE-2024-9861
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated...
CVE-2023-41873
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...
CVE-2023-41873 WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...
CVE-2023-37987
CVE-2023-37987 refers to a Missing Authorization / Broken Access Control vulnerability in the miniOrange YourMembership Single Sign On (YourMembership SSO) plugin. Affected: WordPress YourMembership SSO, versions up to 1.1.3 (listed as n/a through 1.1.3). Impact: improper access control could all...
CVE-2023-37987 WordPress YourMembership Single Sign On plugin <= 1.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in miniOrange YourMembership Single Sign On login-with-yourmembership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YourMembership Single Sign On: from n/a through = 1.1.3...
PT-2024-13004 · Miniorange · Miniorange Saml Sp Single Sign On
Name of the Vulnerable Software and Affected Versions: miniOrange SAML SP Single Sign On versions prior to 5.0.4 Description: The issue affects the miniOrange SAML SP Single Sign On plugin, allowing for broken access control due to missing authorization. This enables exploitation of incorrectly...