Vulnerabilities > Miniorange > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-02-12 CVE-2023-6036 Incorrect Authorization vulnerability in Miniorange Web3 - Crypto Wallet Login & NFT Token Gating
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'.
network
low complexity
miniorange CWE-863
critical
9.8
2023-06-30 CVE-2023-3249 Unspecified vulnerability in Miniorange Web3 - Crypto Wallet Login & NFT Token Gating
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0.
network
low complexity
miniorange
critical
9.8
2023-06-29 CVE-2023-2982 Unspecified vulnerability in Miniorange Wordpress Social Login and Register (Discord, Google, Twitter, Linkedin)
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4.
network
low complexity
miniorange
critical
9.8
2022-08-22 CVE-2022-34149 Permissions, Privileges, and Access Controls vulnerability in Miniorange WP Oauth Server
Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.
network
low complexity
miniorange CWE-264
critical
9.8
2022-08-22 CVE-2022-34858 Missing Authentication for Critical Function vulnerability in Miniorange Oauth 2.0 Client for SSO
Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.
network
low complexity
miniorange CWE-306
critical
9.8