cbcvebase.

Miniorange Wordpress Social Login And Register vulnerabilities

5 known vulnerabilities affecting miniorange/wordpress_social_login_and_register.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2023-2982P1CRITICALCVSS 9.8ExploitedPoCfixed in 7.6.52023-06-29
CVE-2023-2982 [CRITICAL] CWE-288 CVE-2023-2982: The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in
nvd
CVE-2025-47670P3HIGHCVSS 8.1≤ 7.6.102025-05-23
CVE-2025-47670 [HIGH] CWE-98 CVE-2025-47670: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.6.10.
nvd
CVE-2025-68974P3MEDIUMCVSS 6.6≤ 7.7.02025-12-30
CVE-2025-68974 [MEDIUM] CWE-98 CVE-2025-68974: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.7.0.
nvd
CVE-2023-23706P4HIGHCVSS 8.8fixed in 7.6.02023-05-23
CVE-2023-23706 [HIGH] CWE-352 CVE-2023-23706: Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (D Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.
nvd
CVE-2023-23710P4MEDIUMCVSS 4.8fixed in 7.6.02023-04-25
CVE-2023-23710 [MEDIUM] CWE-79 CVE-2023-23710: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.
nvd
Miniorange Wordpress Social Login And Register vulnerabilities | cvebase