35 matches found

CNNVD
added 2026/05/27 12:0 a.m., 4 views

WordPress plugin miniorange otp verification security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

CVSS 9.8, AI score 5.8, EPSS 0.00054
Exploits: 0, References: 1
Cvelist
added 2026/01/10 7:3 a.m., 23 views

CVE-2025-14948 miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enablewcsmsnotification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

CVSS 5.3, EPSS 0.00128
Exploits: 0, References: 3
RedhatCVE
added 2025/12/31 11:5 a.m., 1 views

CVE-2025-68974

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion. This issue affects WordPress Social Login and Register: from n/a through =...

CVSS 6.6, AI score 7.1, EPSS 0.00095
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-3981

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00141
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-52196

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.6, EPSS 0.00339
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-50167

Malicious code in bioql PyPI...

CVSS 8.1, AI score 6.5, EPSS 0.00191
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-27796

Malicious code in bioql PyPI...

CVSS 5.9, AI score 6.4, EPSS 0.00207
Exploits: 0, References: 1
Cvelist
added 2025/09/19 12:27 p.m., 4 views

CVE-2025-7665 Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...

CVSS 8.1, EPSS 0.00122
Exploits: 0, References: 2
CVE
added 2025/09/19 12:27 p.m., 15 views

CVE-2025-7665

The CVE-2025-7665 entry concerns Miniorange OTP Verification with Firebase for WordPress, affecting versions 3.1.0–3.6.2. A missing capability check in the handle_mofirebase_form_options function enables unauthenticated privilege escalation to Administrator. Exploitation is described as requiring...

CVSS 8.1, AI score 5.8, EPSS 0.00122
Exploits: 0, References: 2
Cvelist
added 2025/08/20 8:2 a.m., 10 views

CVE-2025-54048 WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection. This issue affects Custom API for WP: from n/a through <= 4.2.2...

CVSS 9.3, EPSS 0.00059
Exploits: 0, References: 1
Cvelist
added 2025/06/09 3:56 p.m., 15 views

CVE-2025-31019 WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse. This issue affects Password Policy Manager: from n/a through <= 2.0.4...

CVSS 8.8, EPSS 0.00194
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 5:12 a.m., 3 views

CVE-2023-23706

Cross-Site Request Forgery CSRF vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin = 7.5.14 versions...

CVSS 8.8, AI score 7.1, EPSS 0.0015
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 5:11 a.m., 3 views

CVE-2023-23710

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin = 7.5.14 versions...

CVSS 5.9, AI score 5.6, EPSS 0.00207
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:49 a.m., 4 views

CVE-2023-37986

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin = 1.1.3 versions...

CVSS 5.9, AI score 5.6, EPSS 0.00079
Exploits: 0
RedhatCVE
added 2025/05/22 5:30 p.m., 3 views

CVE-2020-6850

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

CVSS 6.1, AI score 6.1, EPSS 0.00363
Exploits: 1, References: 1
RedhatCVE
added 2025/03/10 7:18 a.m., 7 views

CVE-2024-11087

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

CVSS 9.8, AI score 7.4, EPSS 0.00052
Exploits: 0, References: 1
OSV
added 2025/03/08 7:15 a.m., 1 views

CVE-2024-11087

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2
NVD
added 2025/03/08 7:15 a.m., 8 views

CVE-2024-11087

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

CVSS 9.8, EPSS 0.00052
Exploits: 0, References: 2
Cvelist
added 2025/03/08 7:4 a.m., 8 views

CVE-2024-11087 miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

CVSS 8.1, EPSS 0.00052
Exploits: 0, References: 2
Vulnrichment
added 2025/03/08 7:4 a.m., 9 views

CVE-2024-11087 miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

CVSS 8.1, AI score 8.2, EPSS 0.00052
Exploits: 0, References: 2