Lucene search
K

20 matches found

Patchstack
Patchstack
added 2026/03/20 10:22 a.m.7 views

WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability

WordPress KiviCare - Clinic & Patient Management System EHR plugin = 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability discovered by Gibran Abdillah in WordPress Plugin KiviCare versions = 4.1.2...

9.8CVSS5.8AI score0.00434EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/03/18 3:28 p.m.18 views

CVE-2026-2991

The CVE-2026-2991 affects the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin (

7.3CVSS5.9AI score0.00434EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-21859

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.0055EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-34019

Malicious code in bioql PyPI...

8.1CVSS8.7AI score0.00517EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-32902

Malicious code in bioql PyPI...

8.1CVSS8.6AI score0.00666EPSS
Exploits0References4
NVD
NVD
added 2025/07/18 9:15 a.m.7 views

CVE-2025-7444

The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.0.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing...

9.8CVSS0.0055EPSS
Exploits0References2
NVD
NVD
added 2025/03/08 7:15 a.m.11 views

CVE-2024-11087

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

9.8CVSS0.00431EPSS
Exploits0References2
OSV
OSV
added 2025/03/08 7:15 a.m.3 views

CVE-2024-11087

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

9.8CVSS5.8AI score
Exploits0References2
CVE
CVE
added 2025/03/08 7:4 a.m.78 views

CVE-2024-11087

CVE-2024-11087 relates to the miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon for WordPress. The vulnerability is an authentication bypass introduced by insufficient verification on the user returned by the social login token, allowing unauthenticated attackers...

9.8CVSS8.2AI score0.00431EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/03/08 7:4 a.m.13 views

CVE-2024-11087 miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

8.1CVSS0.00431EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 4:35 a.m.9 views

CVE-2024-9893

The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.1.14. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as a...

9.8CVSS7.1AI score0.00645EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:35 a.m.12 views

CVE-2024-9947

The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...

9.8CVSS7.1AI score0.00514EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:34 a.m.11 views

CVE-2024-9488

The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...

9.8CVSS7.1AI score0.0081EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/12 3:23 a.m.16 views

CVE-2024-10111 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...

8.1CVSS7.2AI score0.00759EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/12 3:23 a.m.26 views

CVE-2024-10111 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...

8.1CVSS0.00759EPSS
Exploits0References3
CVE
CVE
added 2024/11/06 6:43 a.m.57 views

CVE-2024-10020

CVE-2024-10020 — Heateor Social Login WordPress plugin suffers an authentication bypass in all versions up to 1.1.35 due to insufficient verification of the user returned by the social login token. This allows unauthenticated attackers to log in as an existing user on the site (provided they have...

8.1CVSS8.2AI score0.00504EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/11/05 7:15 a.m.4 views

CVE-2024-10097

The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to lo...

8.1CVSS5.8AI score0.00666EPSS
Exploits0References4
OSV
OSV
added 2024/10/25 6:15 a.m.7 views

CVE-2024-9488

The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.6.24. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...

9.8CVSS5.8AI score0.0081EPSS
Exploits0References3
OSV
OSV
added 2024/10/23 7:15 a.m.5 views

CVE-2024-9947

The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any...

9.8CVSS5.8AI score0.00514EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/10/23 12:0 a.m.5 views

PT-2024-39960 · WordPress · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress Pro plugin for WordPress versions up to, and including, 4.11.1 Description: The issue is due to insufficient verification on the user being returned by the social login token, allowing unauthenticated attackers to log in as any...

9.8CVSS7.2AI score0.00514EPSS
Exploits0References8
Rows per page
Query Builder