Browse all 29 CVE security advisories affecting miniOrange. AI-powered Chinese analysis, POCs, and references for each vulnerability.
miniOrange primarily provides identity and access management solutions, specializing in single sign-on (SSO), multi-factor authentication (MFA), and directory synchronization for enterprise environments. Security audits have identified twenty-nine distinct Common Vulnerabilities and Exposures (CVEs) associated with its software suite, revealing a pattern of critical flaws. These vulnerabilities predominantly involve remote code execution (RCE) and cross-site scripting (XSS), allowing attackers to compromise system integrity or steal user credentials. Additionally, several instances of broken access control and privilege escalation have been documented, enabling unauthorized users to gain administrative rights. The high volume of historical CVEs suggests significant challenges in maintaining secure codebases across its diverse product offerings. While the company actively issues patches, the recurring nature of these critical flaws indicates persistent risks for organizations relying on its authentication infrastructure without rigorous security monitoring and immediate updates.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54048 | WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability — Custom API for WPCWE-89 | 9.3 | Critical | 2025-08-20 |
| CVE-2025-54049 | WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability — Custom API for WPCWE-266 | 9.9 | Critical | 2025-08-20 |
This page lists every published CVE security advisory associated with miniOrange. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.