3 matches found
CVE-2024-11087
CVE-2024-11087 relates to the miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon for WordPress. The vulnerability is an authentication bypass introduced by insufficient verification on the user returned by the social login token, allowing unauthenticated attackers...
CVE-2025-24896 Misskey allows token to remain valid in cookie after signing out
Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, a login token named token is stored in a cookie for authentication purposes in Bull Dashboard, but this remains undeleted even after logout is performed. The primary...
CVE-2025-24896
CVE-2025-24896 concerns Misskey, an open-source federated social platform. A login token named token is stored in a cookie for Bull Dashboard authentication and is not deleted after logout in versions up to 12.109.0 and before 2025.2.0-alpha.0, potentially exposing the token to others on public o...