20 matches found
WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability
WordPress KiviCare - Clinic & Patient Management System EHR plugin = 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability discovered by Gibran Abdillah in WordPress Plugin KiviCare versions = 4.1.2...
CVE-2026-2991
The CVE-2026-2991 affects the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin (
EUVD-2025-21859
Malicious code in bioql PyPI...
EUVD-2024-34019
Malicious code in bioql PyPI...
EUVD-2024-32902
Malicious code in bioql PyPI...
CVE-2025-7444
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing...
CVE-2024-11087
The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...
CVE-2024-11087
The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...
CVE-2024-11087
CVE-2024-11087 relates to the miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon for WordPress. The vulnerability is an authentication bypass introduced by insufficient verification on the user returned by the social login token, allowing unauthenticated attackers...
CVE-2024-11087 miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass
The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...
CVE-2024-9893
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as a...
CVE-2024-9947
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...
CVE-2024-9488
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...
CVE-2024-10111 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass
The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...
CVE-2024-10111 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass
The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...
CVE-2024-10020
CVE-2024-10020 — Heateor Social Login WordPress plugin suffers an authentication bypass in all versions up to 1.1.35 due to insufficient verification of the user returned by the social login token. This allows unauthenticated attackers to log in as an existing user on the site (provided they have...
CVE-2024-10097
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to lo...
CVE-2024-9488
The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...
CVE-2024-9947
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...
PT-2024-39960 · WordPress · Profilepress
Name of the Vulnerable Software and Affected Versions: ProfilePress Pro plugin for WordPress versions up to, and including, 4.11.1 Description: The issue is due to insufficient verification on the user being returned by the social login token, allowing unauthenticated attackers to log in as any...