目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

miniOrange 厂商漏洞列表 / CVE 中文分析 29

miniOrange 厂商相关 29 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

miniOrange 主要提供身份认证与访问管理解决方案,涵盖 SSO、MFA 及目录服务集成。其软件历史上频繁出现远程代码执行、跨站脚本及越权访问等高危漏洞,累计收录 29 条 CVE。部分版本因缺乏严格的输入验证导致攻击者可直接获取系统权限。该厂商需持续强化代码审计与补丁更新机制,以应对日益复杂的身份认证攻击面,确保企业级安全合规。

Top products by miniOrange: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Custom API for WP WordPress Social Login and Register Malware Scanner miniOrange's Google Authenticator Prevent files / folders access Password Policy Manager miniOrange Discord Integration WordPress REST API Authentication miniorange otp verification SAML SP Single Sign On YourMembership Single Sign On miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless login YourMembership Single Sign On – YM SSO Login OAuth Single Sign On – SSO (OAuth Client) LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login OAuth Single Sign On Free WordPress REST API Authentication (WordPress plugin) miniOrange WordPress SAML SSO Standard miniOrange's Google Authenticator (WordPress plugin) OAuth 2.0 client for SSO (WordPress plugin) WP OAuth Server (WordPress plugin)
CVE ID标题CVSS风险等级Published
CVE-2025-68974 WordPress plugin WordPress Social Login and Register 安全漏洞 — WordPress Social Login and RegisterCWE-98 6.6 Medium2025-12-30
CVE-2025-54745 WordPress plugin miniOranges Google Authenticator 安全漏洞 — miniOrange's Google AuthenticatorCWE-862 6.5 Medium2025-12-18
CVE-2025-53561 WordPress plugin Prevent files / folders access 安全漏洞 — Prevent files / folders accessCWE-35 6.5 Medium2025-08-20
CVE-2025-54048 WordPress plugin Custom API for WP SQL注入漏洞 — Custom API for WPCWE-89 9.3 Critical2025-08-20
CVE-2025-54049 WordPress plugin Custom API for WP 安全漏洞 — Custom API for WPCWE-266 9.9 Critical2025-08-20
CVE-2025-31019 WordPress plugin Password Policy Manager 安全漏洞 — Password Policy ManagerCWE-288 8.8 High2025-06-09
CVE-2025-47670 WordPress plugin WordPress Social Login and Register 安全漏洞 — WordPress Social Login and RegisterCWE-98 8.1 High2025-05-23
CVE-2025-47672 WordPress plugin miniOrange Discord Integration 安全漏洞 — miniOrange Discord IntegrationCWE-98 8.1 High2025-05-23
CVE-2025-39545 WordPress plugin WordPress REST API Authentication 安全漏洞 — WordPress REST API AuthenticationCWE-862 5.4 Medium2025-04-16
CVE-2023-41873 WordPress plugin SAML SP Single Sign On 安全漏洞 — SAML SP Single Sign OnCWE-862 4.3 Medium2024-12-13
CVE-2023-37987 WordPress plugin YourMembership Single Sign On 安全漏洞 — YourMembership Single Sign OnCWE-862 6.5 Medium2024-12-13
CVE-2023-24375 WordPress plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) 安全漏洞 — WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)CWE-862 3.5 Low2024-12-09
CVE-2023-25455 WordPress plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) 安全漏洞 — WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)CWE-862 5.3 Medium2024-12-09
CVE-2023-47776 WordPress plugin miniorange otp verification 安全漏洞 — miniorange otp verificationCWE-862 4.3 Medium2024-12-09
CVE-2023-52176 WordPress plugin Malware Scanner 安全漏洞 — Malware ScannerCWE-290 5.3 Medium2024-06-04
CVE-2023-47683 WordPress plugin WordPress Social Login and Register 安全漏洞 — WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)CWE-269 8.0 High2024-05-17
CVE-2024-25902 WordPress Plugin Malware Scanner SQL注入漏洞 — Malware ScannerCWE-89 7.6 High2024-02-28
CVE-2022-44589 WordPress Plugin miniOrange Google Authenticator 信息泄露漏洞 — miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email | Passwordless loginCWE-200 8.1 High2023-12-29
CVE-2023-37986 WordPress plugin YourMembership Single Sign On 跨站脚本漏洞 — YourMembership Single Sign On – YM SSO LoginCWE-79 5.9 Medium2023-09-01
CVE-2022-34155 WordPress Plugin OAuth Single Sign On – SSO 授权问题漏洞 — OAuth Single Sign On – SSO (OAuth Client)CWE-287 8.8 High2023-07-18
CVE-2023-23706 WordPress plugin WordPress Social Login and Register 跨站请求伪造漏洞 — WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)CWE-352 4.3 Medium2023-05-23
CVE-2023-23710 WordPress plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) 跨站脚本漏洞 — WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)CWE-79 5.9 Medium2023-04-25
CVE-2023-1092 WordPress plugin OAuth Single Sign On Free 跨站请求伪造漏洞 — OAuth Single Sign On Free 6.5 -2023-03-27
CVE-2022-4496 WordPress plugin SAML SSO Standard 输入验证错误漏洞 — miniOrange WordPress SAML SSO Standard 6.1 -2023-01-30
CVE-2023-23749 OpenLDAP 注入漏洞 — LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login 7.5 -2023-01-17
CVE-2022-45073 WordPress plugin REST API Authentication 跨站请求伪造漏洞 — WordPress REST API Authentication (WordPress plugin)CWE-352 5.4 Medium2022-11-18
CVE-2022-42461 WordPress plugin Google Authenticator 安全漏洞 — miniOrange's Google Authenticator (WordPress plugin)CWE-264 5.4 Medium2022-11-18
CVE-2022-34149 WordPress plugin WP OAuth Server 权限许可和访问控制问题漏洞 — WP OAuth Server (WordPress plugin)CWE-264 9.8 Critical2022-08-22
CVE-2022-34858 WordPress plugin OAuth 访问控制错误漏洞 — OAuth 2.0 client for SSO (WordPress plugin)CWE-306 9.8 Critical2022-08-22

本页汇总了 miniOrange 厂商截至目前公开的全部 29 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。