334 matches found
CVE-2025-54049
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through = 4.2.2...
CVE-2025-54048
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection.This issue affects Custom API for WP: from n/a through = 4.2.2...
CVE-2025-54049
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through = 4.2.2...
CVE-2025-54048
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection.This issue affects Custom API for WP: from n/a through = 4.2.2...
CVE-2025-53561
Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal.This issue affects Prevent files / folders access: from n/a through = 2.6.0...
CVE-2025-53561
CVE-2025-53561: Path traversal vulnerability in WordPress plugin Prevent files / folders access (
CVE-2025-53561 WordPress Prevent files / folders access Plugin <= 2.6.0 - Path Traversal Vulnerability
Path Traversal: '.../...//' vulnerability in miniOrange Prevent files / folders access prevent-file-access allows Path Traversal.This issue affects Prevent files / folders access: from n/a through = 2.6.0...
CVE-2025-54048
CVE-2025-54048: WordPress plugin Custom API for WP
CVE-2025-54048 WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection.This issue affects Custom API for WP: from n/a through = 4.2.2...
CVE-2025-54048 WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2...
CVE-2025-54049
CVE-2025-54049 describes an Incorrect Privilege Assignment vulnerability in the WordPress plugin Custom API for WP . Affected versions are listed as pre-n/a through 4.2.2 . The vulnerability permits Privilege Escalation within the plugin. Multiple sources (NVD, Red Hat, CVE lists, Patchstack, and...
PT-2025-33982 · Miniorange · Miniorange Prevent Files / Folders Access
Name of the Vulnerable Software and Affected Versions: miniOrange Prevent files / folders access versions n/a through 2.6.0 Description: A path traversal vulnerability exists in miniOrange Prevent files / folders access, allowing attackers to traverse file paths. This issue allows path traversal...
PT-2025-34013 · WordPress · Miniorange Custom Api For Wp
Name of the Vulnerable Software and Affected Versions: miniOrange Custom API for WP versions through 4.2.2 Description: The software contains an improper neutralization of special elements used in an SQL command, leading to a SQL injection issue. This allows for SQL injection attacks...
PT-2025-34014
Name of the Vulnerable Software and Affected Versions: miniOrange Custom API for WP versions through 4.2.2 Description: An incorrect privilege assignment issue in miniOrange Custom API for WP allows privilege escalation. Recommendations: Update miniOrange Custom API for WP to a version later than...
CVE-2025-31019
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through = 2.0.4...
CVE-2025-31019
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through = 2.0.4...
CVE-2025-31019 WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Password Policy Manager password-policy-manager allows Authentication Abuse.This issue affects Password Policy Manager: from n/a through = 2.0.4...
PT-2025-24472 · Miniorange · Miniorange Password Policy Manager
Name of the Vulnerable Software and Affected Versions: miniOrange Password Policy Manager versions 2.0.4 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing Authentication Abuse. Recommendations: For miniOrange Password Policy...
CVE-2025-47672
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in miniOrange miniOrange Discord Integration miniorange-discord-integration allows PHP Local File Inclusion.This issue affects miniOrange Discord Integration: from n/a through = 2.2...
CVE-2025-47670
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through =...