miniorange vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin prior to 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element.
Miniorange Saml Sp Single Sign On
7.5
CVSSv3
CVE-2023-23749
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection because it does not properly sanitize the 'username' POST parameter. An attacker can manipulate this parameter to dump arbitrary contents ...
Miniorange Ldap Integration With Active Directory And Openldap - Ntlm & Kerberos Login
Miniorange Ldap Integration With Active Directory And Openldap 5.0.2
5.3
CVSSv3
CVE-2022-4539
The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers ca...
Miniorange Web Application Firewall
Cyberlord92 Web Application Firewall – Website Security
8.8
CVSSv3
CVE-2022-26493
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the S...
Xecuify Drupal 8 Miniorange Saml Sp
Xecuify Drupal 9 Miniorange Saml Sp
Xecuify Drupal 7 Miniorange Saml Sp
Drupal Saml Sp 2.0 Single Sign On
9.8
CVSSv3
CVE-2024-11087
The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social log...
Cyberlord92 Miniorange Social Login And Register (discord, Google, Twitter, Linkedin) Pro Addon
Miniorange Social Login
6.5
CVSSv3
CVE-2023-1093
The OAuth Single Sign On WordPress plugin prior to 6.24.2 does not have CSRF checks when discarding Identity providers (IdP), which could allow malicious users to make logged-in admins delete all IdPs via a CSRF attack.
Unknown Oauth Single Sign On
Miniorange Oauth Single Sign On
7.2
CVSSv3
CVE-2023-4238
The Prevent files / folders access WordPress plugin prior to 2.5.2 does not validate files to be uploaded, which could allow malicious users to upload arbitrary files such as PHP on the server.
Unknown Prevent Files / Folders Access
Miniorange Prevent Files / Folders Access
1 Github repository
4.8
CVSSv3
CVE-2022-1028
The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin prior to 4.2.1 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks w...
Unknown Wordpress Security – Firewall, Malware Scanner, Secure Login And Backup
Miniorange Wordpress Security
6.5
CVSSv3
CVE-2023-2599
The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insuf...
Cyberlord92 Active Directory Integration / Ldap Integration
Miniorange Active Directory Integration / Ldap Integration
5.3
CVSSv3
CVE-2022-2133
The OAuth Single Sign On WordPress plugin prior to 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows malicious users to log onto the site knowing only a user's email address.
Unknown Oauth Single Sign On – Sso (oauth Client)
Miniorange Oauth Single Sign On