Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

miniOrange — Vulnerabilities & Security Advisories 29

Browse all 29 CVE security advisories affecting miniOrange. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by miniOrange:WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)Custom API for WPWordPress Social Login and RegisterMalware ScannerminiOrange's Google AuthenticatorPrevent files / folders accessPassword Policy ManagerminiOrange Discord IntegrationWordPress REST API Authenticationminiorange otp verificationSAML SP Single Sign OnYourMembership Single Sign OnminiOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless loginYourMembership Single Sign On – YM SSO LoginOAuth Single Sign On – SSO (OAuth Client)LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos LoginOAuth Single Sign On FreeWordPress REST API Authentication (WordPress plugin)miniOrange WordPress SAML SSO StandardminiOrange's Google Authenticator (WordPress plugin)OAuth 2.0 client for SSO (WordPress plugin)WP OAuth Server (WordPress plugin)
CVE IDTitleCVSSSeverityPublished
CVE-2025-68974 WordPress WordPress Social Login and Register plugin <= 7.7.0 - Local File Inclusion vulnerability — WordPress Social Login and RegisterCWE-98 6.6 Medium2025-12-30
CVE-2025-54745 WordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control Vulnerability — miniOrange's Google AuthenticatorCWE-862 6.5 Medium2025-12-18
CVE-2025-53561 WordPress Prevent files / folders access Plugin <= 2.6.0 - Path Traversal Vulnerability — Prevent files / folders accessCWE-35 6.5 Medium2025-08-20
CVE-2025-54048 WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability — Custom API for WPCWE-89 9.3 Critical2025-08-20
CVE-2025-54049 WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability — Custom API for WPCWE-266 9.9 Critical2025-08-20
CVE-2025-31019 WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability — Password Policy ManagerCWE-288 8.8 High2025-06-09
CVE-2025-47670 WordPress Social Login and Register plugin <= 7.6.10 - Local File Inclusion Vulnerability — WordPress Social Login and RegisterCWE-98 8.1 High2025-05-23
CVE-2025-47672 WordPress miniOrange Discord Integration plugin <= 2.2.2 - Local File Inclusion Vulnerability — miniOrange Discord IntegrationCWE-98 8.1 High2025-05-23
CVE-2025-39545 WordPress REST API Authentication plugin <= 3.6.3 - Settings Change Vulnerability — WordPress REST API AuthenticationCWE-862 5.4 Medium2025-04-16
CVE-2023-41873 WordPress SAML Single Sign On – SSO Login plugin <= 5.0.4 - Broken Access Control vulnerability — SAML SP Single Sign OnCWE-862 4.3 Medium2024-12-13
CVE-2023-37987 WordPress YourMembership Single Sign On plugin <= 1.1.3 - Broken Access Control vulnerability — YourMembership Single Sign OnCWE-862 6.5 Medium2024-12-13
CVE-2023-24375 WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 - Broken Access Control vulnerability — WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)CWE-862 3.5 Low2024-12-09
CVE-2023-25455 WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability — WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)CWE-862 5.3 Medium2024-12-09
CVE-2023-47776 WordPress miniorange otp verification plugin <= 4.2.1 - Broken Access Control vulnerability — miniorange otp verificationCWE-862 8.1 -2024-12-09
CVE-2023-52176 WordPress Malware Scanner plugin <= 4.7.1 - IP Restriction Bypass vulnerability — Malware ScannerCWE-290 5.3 Medium2024-06-04
CVE-2023-47683 WordPress Social Login, Social Sharing by miniOrange plugin <= 7.6.6 - Authenticated Privilege Escalation vulnerability — WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)CWE-269 8.0 High2024-05-17
CVE-2024-25902 WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection — Malware ScannerCWE-89 7.6 High2024-02-28
CVE-2022-44589 WordPress miniOrange's Google Authenticator Plugin <= 5.6.1 is vulnerable to Sensitive Data Exposure — miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless loginCWE-200 8.1 High2023-12-29
CVE-2023-37986 WordPress YourMembership Single Sign On Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS) — YourMembership Single Sign On – YM SSO LoginCWE-79 5.9 Medium2023-09-01
CVE-2022-34155 WordPress OAuth Single Sign On – SSO (OAuth Client) Plugin <= 6.23.3 is vulnerable to Broken Authentication — OAuth Single Sign On – SSO (OAuth Client)CWE-287 8.8 High2023-07-18
CVE-2023-23706 WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Plugin <= 7.5.14 is vulnerable to Cross Site Request Forgery (CSRF) — WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)CWE-352 4.3 Medium2023-05-23
CVE-2023-23710 WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 is vulnerable to Cross Site Scripting (XSS) — WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)CWE-79 5.9 Medium2023-04-25
CVE-2023-1092 OAuth Single Sign On - SSO (OAuth Client) - IdP Deletion via CSRF — OAuth Single Sign On Free 6.5 -2023-03-27
CVE-2022-4496 miniOrange WordPress SAML SSO multiple versions - Open Redirect in SSO login — miniOrange WordPress SAML SSO Standard 6.1 -2023-01-30
CVE-2023-23749 Extension - miniorange - LDAP Integration - LDAP Injection (username) — LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login 7.5 -2023-01-17
CVE-2022-45073 WordPress REST API Authentication plugin <= 2.4.0 - Cross-Site Request Forgery (CSRF) vulnerability — WordPress REST API Authentication (WordPress plugin)CWE-352 5.4 Medium2022-11-18
CVE-2022-42461 WordPress miniOrange's Google Authenticator plugin <= 5.6.1 - Broken Access Control vulnerability — miniOrange's Google Authenticator (WordPress plugin)CWE-264 5.4 Medium2022-11-18
CVE-2022-34149 WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability — WP OAuth Server (WordPress plugin)CWE-264 9.8 Critical2022-08-22
CVE-2022-34858 WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability — OAuth 2.0 client for SSO (WordPress plugin)CWE-306 9.8 Critical2022-08-22

This page lists every published CVE security advisory associated with miniOrange. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.