Lucene search
K

38 matches found

NVD
NVD
added 5 days ago5 views

CVE-2026-12761

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Completion flow accepting an arbitrary email address via the...

9.8CVSS0.00463EPSS
Exploits0References6
CVE
CVE
added 5 days ago9 views

CVE-2026-12761

Summary (CVE-2026-12761) The miniOrange Social Login and Register plugin for WordPress is vulnerable through the Profile Completion OTP flow in versions up to and including 7.7.0. The flow accepts an arbitrary email via the email_field POST parameter and does not verify that the email belongs to ...

9.8CVSS6.2AI score0.00463EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42543

The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to, and including, 5.5.1. This is due to the umresetpasswordprocesshook function performing no server-side...

9.8CVSS6AI score0.00586EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

WordPress plugin miniorange otp verification 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/10 7:3 a.m.30 views

CVE-2025-14948 miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification

The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enablewcsmsnotification AJAX action in all versions up to, and including, 4.3.8. This makes it possible for...

5.3CVSS0.00227EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/31 11:5 a.m.5 views

CVE-2025-68974

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through =...

6.6CVSS7.1AI score0.00405EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-3981

Malware in sbrugna...

6.1CVSS6.3AI score0.01066EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-50167

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.00604EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.20 views

EUVD-2023-27796

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00369EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-52196

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00543EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/19 12:27 p.m.9 views

CVE-2025-7665 Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handlemofirebaseformoptions' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to...

8.1CVSS0.00345EPSS
Exploits0References2
CVE
CVE
added 2025/09/19 12:27 p.m.26 views

CVE-2025-7665

The CVE-2025-7665 entry concerns Miniorange OTP Verification with Firebase for WordPress, affecting versions 3.1.0–3.6.2. A missing capability check in the handle_mofirebase_form_options function enables unauthenticated privilege escalation to Administrator. Exploitation is described as requiring...

8.1CVSS5.8AI score0.00345EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/20 8:2 a.m.29 views

CVE-2025-54048 WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection.This issue affects Custom API for WP: from n/a through = 4.2.2...

9.3CVSS0.0039EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/09 3:56 p.m.24 views

CVE-2025-31019 WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through = 2.0.4...

8.8CVSS0.00516EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:12 a.m.12 views

CVE-2023-23706

Cross-Site Request Forgery CSRF vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin = 7.5.14 versions...

8.8CVSS7.1AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:11 a.m.13 views

CVE-2023-23710

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin = 7.5.14 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:49 a.m.8 views

CVE-2023-37986

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin = 1.1.3 versions...

5.9CVSS5.6AI score0.0031EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 p.m.6 views

CVE-2020-6850

Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...

6.1CVSS6.1AI score0.01376EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/10 7:18 a.m.11 views

CVE-2024-11087

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

9.8CVSS7.4AI score0.00431EPSS
Exploits0References1
OSV
OSV
added 2025/03/08 7:15 a.m.3 views

CVE-2024-11087

The miniOrange Social Login and Register Discord, Google, Twitter, LinkedIn Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This make...

9.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder