Lucene search
K

330 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43028

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO OAuth Client allows Password Recovery Exploitation. This issue affects OAuth Single Sign On - SSO OAuth Client: from n/a through 38.5.8...

9.8CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43026

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow accepting an arbitrary email address via the...

9.8CVSS6.2AI score
Exploits0References6
CVE
CVE
added yesterday4 views

CVE-2026-12761

Summary (CVE-2026-12761) The miniOrange Social Login and Register plugin for WordPress is vulnerable through the Profile Completion OTP flow in versions up to and including 7.7.0. The flow accepts an arbitrary email via the email_field POST parameter and does not verify that the email belongs to ...

9.8CVSS6.2AI score
Exploits0References6
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42543

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS6AI score0.00586EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.8 views

CVE-2026-42731

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS5.4AI score0.00321EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 11:16 a.m.20 views

CVE-2026-42731

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS0.00321EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42731

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.40 views

CVE-2026-42731 WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS0.00321EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.9 views

CVE-2026-42731 WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:49 a.m.10 views

EUVD-2026-32177

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.26 views

CVE-2026-42731

CVE-2026-42731 affects the WordPress plugin miniorange OTP verification (miniorange-otp-verification) up to and including version 5.4.9. Root cause: Incorrect Privilege Assignment leading to Privilege Escalation . Affected component: the plugin’s privilege handling; impact is described as high (c...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

WordPress plugin miniorange otp verification 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43643

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/24 9:1 a.m.9 views

WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Peng Zhou in WordPress Plugin miniorange otp verification versions = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/01/10 7:3 a.m.7 views

EUVD-2026-1858

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enablewcsmsnotification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

5.3CVSS4.9AI score0.00227EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/10 7:3 a.m.28 views

CVE-2025-14948 miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enablewcsmsnotification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

5.3CVSS0.00227EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.4 views

WordPress plugin miniOrange OTP Verification and SMS Notification for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.5AI score0.00227EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/09 10:11 p.m.9 views

WordPress miniOrange OTP Verification and SMS Notification for WooCommerce plugin <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification vulnerability

Missing Authorization to Unauthenticated Notification Settings Modification vulnerability discovered by Abdualrhman Muzamil - 0bytes in WordPress Plugin miniOrange OTP Verification and SMS Notification for WooCommerce versions = 4.3.8...

5.3CVSS7AI score0.00227EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.10 views

CVE-2023-25455

Missing Authorization vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register Discord, Google, Twitter, LinkedIn: from n/a...

5.3CVSS8.6AI score0.0073EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:40 a.m.6 views

CVE-2022-26493

Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...

9.8CVSS7AI score0.00545EPSS
Exploits0References1
Rows per page
Query Builder