CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

325 matches found

NVD•added 2026/05/27 11:16 a.m.•8 views

CVE-2026-42731

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS0.00054EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 9:49 a.m.•4 views

CVE-2026-42731

9.8CVSS5.8AI score0.00054EPSS

Exploits0References2

Cvelist•added 2026/05/27 9:49 a.m.•25 views

CVE-2026-42731 WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

9.8CVSS0.00054EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 9:49 a.m.•5 views

CVE-2026-42731 WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

9.8CVSS5.8AI score0.00054EPSS

Exploits0References1

CVE•added 2026/05/27 9:49 a.m.•10 views

CVE-2026-42731

CVE-2026-42731 affects the WordPress plugin miniorange OTP verification (miniorange-otp-verification) up to and including version 5.4.9. Root cause: Incorrect Privilege Assignment leading to Privilege Escalation . Affected component: the plugin’s privilege handling; impact is described as high (c...

9.8CVSS5.8AI score0.00054EPSS

Exploits0References1

EUVD•added 2026/05/27 9:49 a.m.•4 views

EUVD-2026-32177

9.8CVSS5.8AI score0.00054EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•4 views

WordPress plugin miniorange otp verification 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

9.8CVSS5.8AI score0.00054EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-43643

9.8CVSS5.8AI score0.00054EPSS

Exploits0References2

Patchstack•added 2026/05/24 9:1 a.m.•4 views

WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Peng Zhou in WordPress Plugin miniorange otp verification versions = 5.4.9...

9.8CVSS5.8AI score0.00054EPSS

Exploits0Affected Software1

EUVD•added 2026/01/10 7:3 a.m.•3 views

EUVD-2026-1858

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enablewcsmsnotification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

5.3CVSS4.9AI score0.00128EPSS

Exploits0References4

Cvelist•added 2026/01/10 7:3 a.m.•23 views

CVE-2025-14948 miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification

5.3CVSS0.00128EPSS

Exploits0References3

CNNVD•added 2026/01/10 12:0 a.m.•1 views

WordPress plugin miniOrange OTP Verification and SMS Notification for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.5AI score0.00128EPSS

Exploits0References4

Patchstack•added 2026/01/09 10:11 p.m.•5 views

WordPress miniOrange OTP Verification and SMS Notification for WooCommerce plugin <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification vulnerability

Missing Authorization to Unauthenticated Notification Settings Modification vulnerability discovered by Abdualrhman Muzamil - 0bytes in WordPress Plugin miniOrange OTP Verification and SMS Notification for WooCommerce versions = 4.3.8...

5.3CVSS7AI score0.00128EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/09 9:31 a.m.•8 views

CVE-2023-25455

Missing Authorization vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register Discord, Google, Twitter, LinkedIn: from n/a...

5.3CVSS8.6AI score0.00154EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:40 a.m.•4 views

CVE-2022-26493

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...

9.8CVSS7AI score0.00178EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:8 a.m.•5 views

CVE-2024-2172

The Malware Scanner plugin and the Web Application Firewall plugin for WordPress both by MiniOrange are vulnerable to privilege escalation due to a missing capability check on the mowpnsinit function in all versions up to, and including, 4.7.2 for Malware Scanner and 2.1.1 for Web Application...

9.8CVSS7.3AI score0.01125EPSS

Exploits1References1

RedhatCVE•added 2025/12/31 11:5 a.m.•1 views

CVE-2025-68974

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through =...

6.6CVSS7.1AI score0.00095EPSS

Exploits0References1

EUVD•added 2025/12/30 12:30 p.m.•1 views

EUVD-2025-205761

9.8CVSS6.6AI score0.00095EPSS

Exploits0References2

NVD•added 2025/12/30 11:15 a.m.•1 views

CVE-2025-68974

6.6CVSS0.00095EPSS

Exploits0References1

Vulnrichment•added 2025/12/30 10:47 a.m.•2 views

CVE-2025-68974 WordPress WordPress Social Login and Register plugin <= 7.7.0 - Local File Inclusion vulnerability