浏览 40+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-14948 | miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification | cyberlord92 | miniOrange OTP Verification and SMS Notification for WooCommerce | Medium | 5.3 | 2026-01-10 07:03:56 | Deep Dive |
| CVE-2025-68974 | WordPress WordPress Social Login and Register plugin <= 7.7.0 - Local File Inclusion vulnerability | miniOrange | WordPress Social Login and Register | Medium | 6.6 | 2025-12-30 10:47:48 | Deep Dive |
| CVE-2025-54745 | WordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control Vulnerability | miniOrange | miniOrange's Google Authenticator | - | - | 2025-12-18 07:21:50 | Deep Dive |
| CVE-2025-7665 | Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation | cyberlord92 | Miniorange OTP Verification with Firebase | High | 8.1 | 2025-09-19 12:27:36 | Deep Dive |
| CVE-2025-53561 | WordPress Prevent files / folders access Plugin <= 2.6.0 - Path Traversal Vulnerability | miniOrange | Prevent files / folders access | Medium | 6.5 | 2025-08-20 08:03:14 | Deep Dive |
| CVE-2025-54048 | WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability | miniOrange | Custom API for WP | Critical | 9.3 | 2025-08-20 08:02:57 | Deep Dive |
| CVE-2025-54049 | WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability | miniOrange | Custom API for WP | Critical | 9.9 | 2025-08-20 08:02:56 | Deep Dive |
| CVE-2025-31019 | WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability | miniOrange | Password Policy Manager | High | 8.8 | 2025-06-09 15:56:49 | Deep Dive |
| CVE-2025-47670 | WordPress Social Login and Register plugin <= 7.6.10 - Local File Inclusion Vulnerability | miniOrange | WordPress Social Login and Register | High | 8.1 | 2025-05-23 12:43:22 | Deep Dive |
| CVE-2025-47672 | WordPress miniOrange Discord Integration plugin <= 2.2.2 - Local File Inclusion Vulnerability | miniOrange | miniOrange Discord Integration | High | 8.1 | 2025-05-23 12:43:21 | Deep Dive |
| CVE-2025-39545 | WordPress REST API Authentication plugin <= 3.6.3 - Settings Change Vulnerability | miniOrange | WordPress REST API Authentication | Medium | 5.4 | 2025-04-16 12:44:39 | Deep Dive |
| CVE-2024-11087 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass | cyberlord92 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) | High | 8.1 | 2025-03-08 07:04:55 | Deep Dive |
| CVE-2023-41873 | WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability | miniOrange | SAML SP Single Sign On | Medium | 4.3 | 2024-12-13 14:24:24 | Deep Dive |
| CVE-2023-37987 | WordPress YourMembership Single Sign On plugin <= 1.1.3 - Broken Access Control vulnerability | miniOrange | YourMembership Single Sign On | Medium | 6.5 | 2024-12-13 14:23:53 | Deep Dive |
| CVE-2023-24375 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 - Broken Access Control vulnerability | miniOrange | WordPress Social Login and Register | Low | 3.5 | 2024-12-09 11:31:41 | Deep Dive |
| CVE-2023-25455 | WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability | miniOrange | WordPress Social Login and Register | Medium | 5.3 | 2024-12-09 11:31:33 | Deep Dive |
| CVE-2023-47776 | WordPress miniorange otp verification plugin <= 4.2.1 - Broken Access Control vulnerability | miniOrange | miniorange otp verification | 中危 | - | 2024-12-09 11:30:47 | Deep Dive |
| CVE-2024-9863 | Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value | cyberlord92 | Miniorange OTP Verification with Firebase | Critical | 9.8 | 2024-10-17 02:06:06 | Deep Dive |
| CVE-2024-9862 | Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change | cyberlord92 | Miniorange OTP Verification with Firebase | Critical | 9.8 | 2024-10-17 02:06:03 | Deep Dive |
| CVE-2024-9861 | Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass | cyberlord92 | Miniorange OTP Verification with Firebase | High | 8.1 | 2024-10-17 02:05:58 | Deep Dive |