Vulnerabilities > Miniorange > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-29 | CVE-2022-44589 | Unspecified vulnerability in Miniorange Google Authenticator Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login.This issue affects miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login: from n/a through 5.6.1. | 7.5 |
| 2023-10-16 | CVE-2023-5003 | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. | 7.5 |
| 2023-09-25 | CVE-2023-4238 | Unspecified vulnerability in Miniorange Prevent Files / Folders Access The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. | 7.2 |
| 2023-07-18 | CVE-2022-34155 | Improper Authentication vulnerability in Miniorange Oauth Single Sign on Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3. | 8.8 |
| 2023-06-29 | CVE-2023-3447 | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. | 7.5 |
| 2023-05-23 | CVE-2023-23706 | Cross-Site Request Forgery (CSRF) vulnerability in Miniorange Wordpress Social Login and Register (Discord, Google, Twitter, Linkedin) Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. | 8.8 |
| 2023-05-15 | CVE-2023-0812 | Unspecified vulnerability in Miniorange Active Directory Integration / Ldap Integration The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. | 7.5 |
| 2023-01-17 | CVE-2023-23749 | Injection vulnerability in Miniorange Ldap Integration With Active Directory and Openldap 5.0.2 The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. | 7.5 |
| 2022-11-18 | CVE-2022-45073 | Cross-Site Request Forgery (CSRF) vulnerability in Miniorange Wordpress Rest API Authentication Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. | 8.8 |
| 2022-11-18 | CVE-2022-42461 | Unspecified vulnerability in Miniorange Google Authenticator Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. | 8.8 |