CVE-2023-25455

Missing Authorization vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register Discord, Google, Twitter, LinkedIn: from n/a...

EUVD-2025-205761

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through =...

EUVD-2023-28431

Malicious code in bioql PyPI...

CVE-2025-47670

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through =...

CVE-2025-47670

CVE-2025-47670 is an LFI (Local File Inclusion) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon, affecting versions up to 7.6.10. Root cause: improper filename control in PHP include/require leading to RFI/LFI. CVSSv3.1 base score 8.1...

CVE-2023-24375

Missing Authorization vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register Discord, Google, Twitter, LinkedIn: from n/a...

CVE-2025-39545

Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through = 3.6.3...

CVE-2025-39545

Missing Authorization vulnerability in miniOrange WordPress REST API Authentication wp-rest-api-authentication allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress REST API Authentication: from n/a through = 3.6.3...

PT-2024-12031 · Miniorange · Miniorange Wordpress Social Login/Register

Name of the Vulnerable Software and Affected Versions: miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn versions 7.5.14 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation due to incorrectly configured...

CVE-2023-23710

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn plugin = 7.5.14 versions...

CVE-2022-4496 miniOrange WordPress SAML SSO multiple versions - Open Redirect in SSO login

The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an...

CVE-2022-4496 miniOrange WordPress SAML SSO multiple versions - Open Redirect in SSO login

The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an...