Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Cyberlord92 — Vulnerabilities & Security Advisories 36

Browse all 36 CVE security advisories affecting Cyberlord92. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Cyberlord92:Active Directory Integration / LDAP IntegrationOAuth Single Sign On – SSO (OAuth Client)Miniorange OTP Verification with FirebaseminiOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)Integrate Dynamics 365 CRMPowerBI Embed ReportsBroken Link Checker | FinderWeb Application Firewall – website securityPage and Post RestrictionSAML IDP (Identity Provider) – Login with Website UsersminiOrange 2FA – Two-Factor Authentication for WordPress (SMS, Email & Google Authenticator)Staff/Employee Business Directory for Active DirectoryWordPress Single Sign-On (SSO) - Single Site StandardUser SyncWeb3 – Crypto wallet Login & NFT token gatingLogin with YourMembership – YM SSO LoginPassword Policy Manager | Password ManagerWP Login and Register using JWTminiOrange OTP Verification and SMS Notification for WooCommerceEmployee Directory – Staff Directory and ListingAll-in-One Microsoft 365 & Entra ID / Azure AD SSO Login
CVE IDTitleCVSSSeverityPublished
CVE-2026-2628 All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass — All-in-One Microsoft 365 & Entra ID / Azure AD SSO LoginCWE-288 9.8 Critical2026-03-03
CVE-2026-1279 Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute — Employee Directory – Staff Directory and ListingCWE-79 6.4 Medium2026-02-06
CVE-2025-10753 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization — OAuth Single Sign On – SSO (OAuth Client)CWE-862 5.3 Medium2026-02-06
CVE-2026-0725 Integrate Dynamics 365 CRM <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Field Mapping Configuration — Integrate Dynamics 365 CRMCWE-79 4.4 Medium2026-01-17
CVE-2025-14948 miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification — miniOrange OTP Verification and SMS Notification for WooCommerceCWE-862 5.3 Medium2026-01-10
CVE-2025-12822 WP Login and Register using JWT <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) API Key Exposure — WP Login and Register using JWTCWE-862 4.3 Medium2025-11-19
CVE-2025-11255 Password Policy Manager | Password Manager <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out — Password Policy Manager | Password ManagerCWE-862 4.3 Medium2025-10-25
CVE-2025-10750 PowerBI Embed Reports <= 1.2.0 - Unauthenticated Sensitive Information Disclosure — PowerBI Embed ReportsCWE-200 5.3 Medium2025-10-18
CVE-2025-10648 Login with YourMembership - YM SSO Login <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'moym_display_test_attributes' — Login with YourMembership – YM SSO LoginCWE-862 5.3 Medium2025-10-15
CVE-2025-9485 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Authentication Bypass via get_resource_owner_from_id_token() — OAuth Single Sign On – SSO (OAuth Client)CWE-347 9.8 Critical2025-10-04
CVE-2025-10746 Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization — Integrate Dynamics 365 CRMCWE-306 6.5 Medium2025-10-04
CVE-2025-10752 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Cross-Site Request Forgery — OAuth Single Sign On – SSO (OAuth Client)CWE-352 4.3 Medium2025-09-26
CVE-2025-7665 Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation — Miniorange OTP Verification with FirebaseCWE-862 8.1 High2025-09-19
CVE-2025-9891 User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation — User SyncCWE-352 4.3 Medium2025-09-17
CVE-2025-6003 WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure — WordPress Single Sign-On (SSO) - Single Site StandardCWE-863 5.3 Medium2025-06-12
CVE-2024-11087 miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass — miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)CWE-287 8.1 High2025-03-08
CVE-2023-46082 WordPress Broken Link Checker | Finder plugin <= 2.4.2 - Broken Access Control vulnerability — Broken Link Checker | FinderCWE-862 8.1 -2025-01-02
CVE-2024-11297 Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Page and Post RestrictionCWE-200 5.3 Medium2024-12-20
CVE-2024-12121 Broken Link Checker | Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery — Broken Link Checker | FinderCWE-918 5.4 Medium2024-12-19
CVE-2024-10111 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass — OAuth Single Sign On – SSO (OAuth Client)CWE-287 8.1 High2024-12-12
CVE-2024-11901 PowerBI Embed Reports <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — PowerBI Embed ReportsCWE-79 6.4 Medium2024-12-12
CVE-2024-9887 Login using WordPress Users ( WP as SAML IDP ) <= 1.15.6 - Authenticated (Administrator+) SQL Injection — SAML IDP (Identity Provider) – Login with Website UsersCWE-89 7.2 High2024-11-16
CVE-2024-9863 Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value — Miniorange OTP Verification with FirebaseCWE-266 9.8 Critical2024-10-17
CVE-2024-9862 Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change — Miniorange OTP Verification with FirebaseCWE-639 9.8 Critical2024-10-17
CVE-2024-9861 Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass — Miniorange OTP Verification with FirebaseCWE-288 8.1 High2024-10-17
CVE-2022-4539 Web Application Firewall <= 2.1.2 - IP Address Spoofing to Protection Mechanism Bypass — Web Application Firewall – website securityCWE-348 5.3 Medium2024-08-31
CVE-2024-0681 Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.4 - Protection Mechanism Bypass — Page and Post RestrictionCWE-693 5.3 Medium2024-03-13
CVE-2024-2172 Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation — Web Application Firewall – website securityCWE-304 9.8 Critical2024-03-13
CVE-2022-4943 miniOrange's Google Authenticator <= 5.6.5 - Missing Authorization to Plugin Settings Change — miniOrange 2FA – Two-Factor Authentication for WordPress (SMS, Email & Google Authenticator)CWE-862 7.5 High2023-10-20
CVE-2023-4505 Staff / Employee Business Directory for Active Directory <= 1.2.3 - Authenticated (Admin+) LDAP Passback — Staff/Employee Business Directory for Active DirectoryCWE-306 2.2 Low2023-09-26

This page lists every published CVE security advisory associated with Cyberlord92. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.