Vulnerabilities > Miniorange > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-17 | CVE-2024-9861 | Missing Authentication for Critical Function vulnerability in Miniorange OTP Verification With Firebase: The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.6.0. | 8.1 |
2023-12-29 | CVE-2022-44589 | Unspecified vulnerability in Miniorange Google Authenticator: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email \| Passwordless login. This issue affects miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email \| Passwordless login: from n/a through 5.6.1. | 7.5 |
2023-10-16 | CVE-2023-5003 | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration: The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. | 7.5 |
2023-09-25 | CVE-2023-4238 | Unspecified vulnerability in Miniorange Prevent Files / Folders Access: The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. | 7.2 |
2023-07-18 | CVE-2022-34155 | Unspecified vulnerability in Miniorange Oauth Single Sign on: Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass. This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3. | 8.8 |
2023-06-29 | CVE-2023-3447 | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration: The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. | 7.5 |
2023-05-23 | CVE-2023-23706 | Unspecified vulnerability in Miniorange Wordpress Social Login and Register (Discord, Google, Twitter, Linkedin): Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. | 8.8 |
2023-05-15 | CVE-2023-0812 | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration: The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. | 7.5 |
2023-01-17 | CVE-2023-23749 | Injection vulnerability in Miniorange Ldap Integration With Active Directory and Openldap 5.0.2: The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection because it does not properly sanitize the 'username' POST parameter. | 7.5 |
2022-11-18 | CVE-2022-45073 | Cross-Site Request Forgery (CSRF) vulnerability in Miniorange Wordpress Rest API Authentication: Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. | 8.8 |