Vulnerabilities > Miniorange
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-4505 | Unspecified vulnerability in Miniorange Staff / Employee Business Directory for Active Directory The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. | 4.9 |
| 2023-09-27 | CVE-2023-4506 | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. | 6.5 |
| 2023-09-25 | CVE-2023-4238 | Unspecified vulnerability in Miniorange Prevent Files / Folders Access The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. | 7.2 |
| 2023-07-18 | CVE-2022-34155 | Unspecified vulnerability in Miniorange Oauth Single Sign on Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3. | 8.8 |
| 2023-06-29 | CVE-2023-3447 | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. | 7.5 |
| 2023-06-09 | CVE-2023-2484 | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
| 2023-06-09 | CVE-2023-2599 | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2023-05-23 | CVE-2023-23706 | Unspecified vulnerability in Miniorange Wordpress Social Login and Register (Discord, Google, Twitter, Linkedin) Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. | 8.8 |
| 2023-05-15 | CVE-2023-0812 | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. | 7.5 |
| 2023-04-25 | CVE-2023-23710 | Unspecified vulnerability in Miniorange Wordpress Social Login and Register (Discord, Google, Twitter, Linkedin) Auth. | 4.8 |