Vulnerabilities > Miniorange > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-12 | CVE-2023-6036 | Incorrect Authorization vulnerability in Miniorange Web3 - Crypto Wallet Login & NFT Token Gating The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. | 9.8 |
| 2023-06-30 | CVE-2023-3249 | Unspecified vulnerability in Miniorange Web3 - Crypto Wallet Login & NFT Token Gating The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. | 9.8 |
| 2023-06-29 | CVE-2023-2982 | Unspecified vulnerability in Miniorange Wordpress Social Login and Register (Discord, Google, Twitter, Linkedin) The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. | 9.8 |
| 2022-08-22 | CVE-2022-34149 | Permissions, Privileges, and Access Controls vulnerability in Miniorange WP Oauth Server Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | 9.8 |
| 2022-08-22 | CVE-2022-34858 | Missing Authentication for Critical Function vulnerability in Miniorange Oauth 2.0 Client for SSO Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. | 9.8 |