Vulnerabilities > Miniorange > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-08 | CVE-2024-11087 | Improper Authentication vulnerability in Miniorange Social Login The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. | 9.8 |
| 2024-10-17 | CVE-2024-9862 | Authorization Bypass Through User-Controlled Key vulnerability in Miniorange OTP Verification With Firebase The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. | 9.8 |
| 2024-02-12 | CVE-2023-6036 | Incorrect Authorization vulnerability in Miniorange Web3 - Crypto Wallet Login & NFT Token Gating The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. | 9.8 |
| 2022-08-22 | CVE-2022-34149 | Unspecified vulnerability in Miniorange WP Oauth Server Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | 9.8 |
| 2022-08-22 | CVE-2022-34858 | Unspecified vulnerability in Miniorange Oauth 2.0 Client for SSO Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. | 9.8 |