Cyberlord92 — Vulnerabilities & Security Advisories 36

Browse all 36 CVE security advisories affecting Cyberlord92. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Operating primarily as an independent security researcher, cyberlord92 has established a significant footprint in the vulnerability disclosure landscape with thirty-six Common Vulnerabilities and Exposures (CVEs) currently on record. The majority of these findings target web applications, with Remote Code Execution (RCE) and Cross-Site Scripting (XSS) representing the most frequently exploited vulnerability classes. Privilege escalation flaws also appear with regularity, indicating a focus on gaining elevated access within compromised environments. Notable incidents include critical disclosures affecting major enterprise software platforms, which prompted rapid vendor patches and highlighted systemic architectural weaknesses. The profile suggests a methodical approach to penetration testing, prioritizing high-impact bugs over low-severity issues. This consistent output demonstrates a specialized expertise in identifying complex logic flaws and injection points, contributing substantially to the broader cybersecurity community’s understanding of application security risks.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2628 | All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login <= 2.2.5 - Authentication Bypass — All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login | CWE-288 | 9.8 | Critical | 2026-03-03 |
| CVE-2026-1279 | Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute — Employee Directory – Staff Directory and Listing | CWE-79 | 6.4 | Medium | 2026-02-06 |
| CVE-2025-10753 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization — OAuth Single Sign On – SSO (OAuth Client) | CWE-862 | 5.3 | Medium | 2026-02-06 |
| CVE-2026-0725 | Integrate Dynamics 365 CRM <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Field Mapping Configuration — Integrate Dynamics 365 CRM | CWE-79 | 4.4 | Medium | 2026-01-17 |
| CVE-2025-14948 | miniOrange OTP Verification and SMS Notification for WooCommerce <= 4.3.8 - Missing Authorization to Unauthenticated Notification Settings Modification — miniOrange OTP Verification and SMS Notification for WooCommerce | CWE-862 | 5.3 | Medium | 2026-01-10 |
| CVE-2025-12822 | WP Login and Register using JWT <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) API Key Exposure — WP Login and Register using JWT | CWE-862 | 4.3 | Medium | 2025-11-19 |
| CVE-2025-11255 | Password Policy Manager \| Password Manager <= 2.0.5 - Missing Authorization to Authenticated (Subscriber+) Configuration Log Out — Password Policy Manager \| Password Manager | CWE-862 | 4.3 | Medium | 2025-10-25 |
| CVE-2025-10750 | PowerBI Embed Reports <= 1.2.0 - Unauthenticated Sensitive Information Disclosure — PowerBI Embed Reports | CWE-200 | 5.3 | Medium | 2025-10-18 |
| CVE-2025-10648 | Login with YourMembership - YM SSO Login <= 1.1.7 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'moym_display_test_attributes' — Login with YourMembership – YM SSO Login | CWE-862 | 5.3 | Medium | 2025-10-15 |
| CVE-2025-9485 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Authentication Bypass via get_resource_owner_from_id_token() — OAuth Single Sign On – SSO (OAuth Client) | CWE-347 | 9.8 | Critical | 2025-10-04 |
| CVE-2025-10746 | Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization — Integrate Dynamics 365 CRM | CWE-306 | 6.5 | Medium | 2025-10-04 |
| CVE-2025-10752 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Cross-Site Request Forgery — OAuth Single Sign On – SSO (OAuth Client) | CWE-352 | 4.3 | Medium | 2025-09-26 |
| CVE-2025-7665 | Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation — Miniorange OTP Verification with Firebase | CWE-862 | 8.1 | High | 2025-09-19 |
| CVE-2025-9891 | User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation — User Sync | CWE-352 | 4.3 | Medium | 2025-09-17 |
| CVE-2025-6003 | WordPress Single Sign-On (SSO) - Multiple Versions - Incorrect Authorization to Sensitive Information Exposure — WordPress Single Sign-On (SSO) - Single Site Standard | CWE-863 | 5.3 | Medium | 2025-06-12 |
| CVE-2024-11087 | miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass — miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) | CWE-287 | 8.1 | High | 2025-03-08 |
| CVE-2023-46082 | WordPress Broken Link Checker \| Finder plugin <= 2.4.2 - Broken Access Control vulnerability — Broken Link Checker \| Finder | CWE-862 | 5.3 | Medium | 2025-01-02 |
| CVE-2024-11297 | Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.6 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Page and Post Restriction | CWE-200 | 5.3 | Medium | 2024-12-20 |
| CVE-2024-12121 | Broken Link Checker \| Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery — Broken Link Checker \| Finder | CWE-918 | 5.4 | Medium | 2024-12-19 |
| CVE-2024-10111 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass — OAuth Single Sign On – SSO (OAuth Client) | CWE-287 | 8.1 | High | 2024-12-12 |
| CVE-2024-11901 | PowerBI Embed Reports <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — PowerBI Embed Reports | CWE-79 | 6.4 | Medium | 2024-12-12 |
| CVE-2024-9887 | Login using WordPress Users ( WP as SAML IDP ) <= 1.15.6 - Authenticated (Administrator+) SQL Injection — SAML IDP (Identity Provider) – Login with Website Users | CWE-89 | 7.2 | High | 2024-11-16 |
| CVE-2024-9863 | Miniorange OTP Verification with Firebase <= 3.6.0 - Privilege Escalation via Registration due to Administrator Default User Role Value — Miniorange OTP Verification with Firebase | CWE-266 | 9.8 | Critical | 2024-10-17 |
| CVE-2024-9862 | Miniorange OTP Verification with Firebase <= 3.6.0 - Unauthenticated Arbitrary User Password Change — Miniorange OTP Verification with Firebase | CWE-639 | 9.8 | Critical | 2024-10-17 |
| CVE-2024-9861 | Miniorange OTP Verification with Firebase <= 3.6.0 - Authentication Bypass — Miniorange OTP Verification with Firebase | CWE-288 | 8.1 | High | 2024-10-17 |
| CVE-2022-4539 | Web Application Firewall <= 2.1.2 - IP Address Spoofing to Protection Mechanism Bypass — Web Application Firewall – website security | CWE-348 | 5.3 | Medium | 2024-08-31 |
| CVE-2024-0681 | Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.4 - Protection Mechanism Bypass — Page and Post Restriction | CWE-693 | 5.3 | Medium | 2024-03-13 |
| CVE-2024-2172 | Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation — Web Application Firewall – website security | CWE-304 | 9.8 | Critical | 2024-03-13 |
| CVE-2022-4943 | miniOrange's Google Authenticator <= 5.6.5 - Missing Authorization to Plugin Settings Change — miniOrange 2FA – Two-Factor Authentication for WordPress (SMS, Email & Google Authenticator) | CWE-862 | 7.5 | High | 2023-10-20 |
| CVE-2023-4505 | Staff / Employee Business Directory for Active Directory <= 1.2.3 - Authenticated (Admin+) LDAP Passback — Staff/Employee Business Directory for Active Directory | CWE-306 | 2.2 | Low | 2023-09-26 |

This page lists every published CVE security advisory associated with Cyberlord92. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.