miniorange vulnerabilities and exploits

(subscribe to this query)

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated malicious users to ext...

Cyberlord92 Active Directory Integration / Ldap Integration Miniorange Active Directory Integration / Ldap Integration

The Web3 WordPress plugin prior to 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated malicious u...

Unknown Web3 Miniorange Web3 - Crypto Wallet Login & Nft Token Gating

1 Github repository

The Active Directory Integration / LDAP Integration WordPress plugin prior to 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.

Unknown Active Directory Integration / Ldap Integration Miniorange Active Directory Integration / Ldap Integration

The OAuth Single Sign On WordPress plugin prior to 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows malicious users to log onto the site with the only knowledge of a user's email address.

Unknown Oauth Single Sign On – Sso (oauth Client)Miniorange Oauth Single Sign On

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with adminis...

Cyberlord92 Active Directory Integration / Ldap Integration Miniorange Active Directory Integration / Ldap Integration

The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the get_users function and insuf...

Cyberlord92 Active Directory Integration / Ldap Integration Miniorange Active Directory Integration / Ldap Integration

The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin prior to 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disall...

Unknown Login Using Wordpress Users ( Wp As Saml Idp )Miniorange Login Using Wordpress Users

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.

Miniorange Wordpress Social Login And Register (discord, Google, Twitter, Linkedin)

Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.

Miniorange Wordpress Social Login And Register (discord, Google, Twitter, Linkedin)

The miniOrange's Google Authenticator WordPress plugin prior to 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html i...

Unknown Miniorange's Google Authenticator – Wordpress Two Factor Authentication (2fa , Two Factor, Otp Sms And Email) | Passwordless Login Miniorange Google Authenticator

« PREV 1 2 3 4 5 6 7 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook