Miniorange

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-3082 1Miniorange 1Discord Integration May 13, 2025 Oct 17, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for ex...Show more The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for exampleShow less
CVE-2022-34858 1Miniorange 1Oauth 2.0 Client For Sso Nov 21, 2024 Aug 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.
CVE-2022-34149 1Miniorange 1Wp Oauth Server Nov 21, 2024 Aug 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.
CVE-2022-2133 1Miniorange 1Oauth Single Sign On Nov 21, 2024 Jul 17, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.
CVE-2022-1995 1Miniorange 1Malware Scanner Nov 21, 2024 Jun 27, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scrip...Show more The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)Show less
CVE-2022-1994 1Miniorange 1Login With Otp Over Sms, Email, Whatsapp And Google Authenticator Nov 21, 2024 Jun 27, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even w...Show more The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowedShow less
CVE-2022-1321 1Miniorange 1Google Authenticator Nov 21, 2024 Jun 27, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading t...Show more The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)Show less
CVE-2022-1029 1Miniorange 1Limit Login Attempts Nov 21, 2024 Jun 27, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site...Show more The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)Show less
CVE-2022-1028 1Miniorange 1Wordpress Security Nov 21, 2024 Jun 27, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious...Show more The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)Show less
CVE-2022-1010 1Miniorange 1Login Using Wordpress Users Nov 21, 2024 Jun 27, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scrip...Show more The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2022-0875 1Miniorange 1Google Authenticator Nov 21, 2024 Jun 27, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform...Show more The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacksShow less
CVE-2022-0229 1Miniorange 1Google Authenticator Nov 21, 2024 Mar 21, 2022 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a r...Show more The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.Show less
CVE-2021-36786 1Miniorange 1Saml Nov 21, 2024 Aug 13, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys.
CVE-2021-36785 1Miniorange 1Saml Nov 21, 2024 Aug 13, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS.
CVE-2020-6850 1Miniorange 1Saml Sp Single Sign On Nov 21, 2024 Feb 17, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the...Show more Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.Show less
CVE-2019-12346 1Miniorange 1Saml Sp Single Sign On Nov 21, 2024 Jun 24, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post.

Previous 1 23