Lucene search
K

334 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 5:30 p.m.6 views

CVE-2020-6850

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

6.1CVSS6.1AI score0.01376EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/25 11:20 p.m.8 views

CVE-2025-39545

Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through = 3.6.3...

5.4CVSS7.2AI score0.0047EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 1:15 p.m.10 views

CVE-2025-39545

Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through = 3.6.3...

5.4CVSS0.0047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/10 7:18 a.m.10 views

CVE-2024-11087

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

9.8CVSS7.4AI score0.00431EPSS
Exploits0References1
NVD
NVD
added 2025/03/08 7:15 a.m.11 views

CVE-2024-11087

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

9.8CVSS0.00431EPSS
Exploits0References2
OSV
OSV
added 2025/03/08 7:15 a.m.3 views

CVE-2024-11087

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

9.8CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2025/03/08 7:4 a.m.78 views

CVE-2024-11087

CVE-2024-11087 relates to the miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon for WordPress. The vulnerability is an authentication bypass introduced by insufficient verification on the user returned by the social login token, allowing unauthenticated attackers...

9.8CVSS8.2AI score0.00431EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/08 7:4 a.m.13 views

CVE-2024-11087 miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

8.1CVSS8.2AI score0.00431EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/08 7:4 a.m.13 views

CVE-2024-11087 miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

8.1CVSS0.00431EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/03/08 3:41 a.m.7 views

WordPress miniOrange Social Login and Register Pro Addon plugin <= 200.3.9 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by wesley wcraft in WordPress Plugin miniOrange Social Login and Register Pro Addon versions = 200.3.9...

9.8CVSS7AI score0.00431EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/03/08 12:0 a.m.6 views

WordPress plugin miniOrange Social Login and Register 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An authorization issue vulnerability...

9.8CVSS8.9AI score0.00431EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/06 1:24 a.m.18 views

CVE-2022-34155

Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO OAuth Client plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO OAuth Client: from n/a through 6.23.3...

8.8CVSS8.5AI score0.00958EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:0 p.m.14 views

CVE-2022-44589

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor...

8.1CVSS7.3AI score0.007EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:32 a.m.7 views

CVE-2024-9862

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and t...

9.8CVSS7AI score0.00581EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:18 a.m.12 views

CVE-2024-9861

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. This is due to missing validation on the token being supplied during the otp login through the plugin. This makes it possible for unauthenticated...

8.1CVSS7.1AI score0.00604EPSS
Exploits0References1
NVD
NVD
added 2024/12/13 3:15 p.m.12 views

CVE-2023-41873

Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...

4.3CVSS0.00408EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/13 2:24 p.m.39 views

CVE-2023-41873 WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4...

4.3CVSS0.00408EPSS
Exploits0References1
CVE
CVE
added 2024/12/13 2:23 p.m.42 views

CVE-2023-37987

CVE-2023-37987 refers to a Missing Authorization / Broken Access Control vulnerability in the miniOrange YourMembership Single Sign On (YourMembership SSO) plugin. Affected: WordPress YourMembership SSO, versions up to 1.1.3 (listed as n/a through 1.1.3). Impact: improper access control could all...

6.5CVSS8AI score0.00491EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/13 2:23 p.m.19 views

CVE-2023-37987 WordPress YourMembership Single Sign On plugin <= 1.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in miniOrange YourMembership Single Sign On login-with-yourmembership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YourMembership Single Sign On: from n/a through = 1.1.3...

6.5CVSS6.9AI score0.00491EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.5 views

PT-2024-13004 · Miniorange · Miniorange Saml Sp Single Sign On

Name of the Vulnerable Software and Affected Versions: miniOrange SAML SP Single Sign On versions prior to 5.0.4 Description: The issue affects the miniOrange SAML SP Single Sign On plugin, allowing for broken access control due to missing authorization. This enables exploitation of incorrectly...

4.3CVSS9.7AI score0.00408EPSS
Exploits0References7
Rows per page
Query Builder