Miniorange Security Vulnerabilities (CVEs)

Track 21 security vulnerabilities affecting Miniorange products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

4 Critical

12 High

5 Medium

Sort by:

🔔 Get Alerts for Miniorange

CVE-2025-6675 4.8

This vulnerability allows attackers to bypass multi-factor authentication in Drupal Enterprise MFA - TFA for Drupal by using an alternate path or chan...

Jun 26, 2025

CVE-2025-47709 6.5

This CVE describes a Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal that allows forceful browsing. Attackers can bypass...

May 14, 2025

CVE-2025-47710 7.4

This vulnerability allows attackers to bypass multi-factor authentication in Drupal Enterprise MFA - TFA modules, potentially gaining unauthorized acc...

May 14, 2025

CVE-2025-47707 7.5

This vulnerability allows attackers to bypass multi-factor authentication in Drupal Enterprise MFA - TFA modules, potentially gaining unauthorized acc...

May 14, 2025

CVE-2024-11087 8.1

This vulnerability allows unauthenticated attackers to bypass authentication in WordPress sites using the miniOrange Social Login Pro Addon plugin. At...

Mar 8, 2025

CVE-2024-11297 5.3

The Page Restriction WordPress plugin (versions up to 1.3.6) allows unauthenticated attackers to access sensitive content from posts/pages restricted ...

Dec 20, 2024

CVE-2024-9861 8.1

The Miniorange OTP Verification with Firebase WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log...

Oct 17, 2024

CVE-2024-9862 9.8

This vulnerability allows unauthenticated attackers to change any WordPress user's password, including administrators, without knowing the current pas...

Oct 17, 2024

CVE-2022-4539 5.3

The Web Application Firewall plugin for WordPress versions up to 2.1.2 is vulnerable to IP address spoofing. Attackers can manipulate the X-Forwarded-...

Aug 31, 2024

CVE-2023-6036 9.8

The Web3 WordPress plugin before version 3.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to log in as any ...

Feb 12, 2024

CVE-2022-44589 8.1

This vulnerability in the miniOrange WordPress Two Factor Authentication plugin exposes sensitive information to unauthorized actors. It affects all v...

Dec 29, 2023

CVE-2023-4238 7.2

This vulnerability in the Prevent files / folders access WordPress plugin allows attackers to upload arbitrary files, including malicious PHP scripts,...

Sep 25, 2023

CVE-2022-34155 8.8

CVE-2022-34155 is an authentication bypass vulnerability in the miniOrange OAuth Single Sign On WordPress plugin. Attackers can bypass authentication ...

Jul 18, 2023

CVE-2023-3249 9.8

This vulnerability allows authenticated attackers to bypass authentication in the Web3 WordPress plugin and log in as any existing user, including adm...

Jun 30, 2023

CVE-2023-3447 8.6

This LDAP injection vulnerability in the Active Directory/LDAP Integration WordPress plugin allows unauthenticated attackers to manipulate LDAP querie...

Jun 29, 2023

CVE-2023-2982 9.8

This vulnerability allows unauthenticated attackers to bypass authentication in the WordPress Social Login and Register plugin by exploiting insuffici...

Jun 29, 2023

CVE-2023-2484 7.2

This vulnerability allows authenticated WordPress administrators to perform time-based SQL injection attacks through the Active Directory Integration ...

Jun 9, 2023

CVE-2023-0812 7.5

This vulnerability in the Active Directory Integration / LDAP Integration WordPress plugin allows unauthenticated attackers to access sensitive data t...

May 15, 2023

CVE-2023-1093 6.5

This vulnerability in the OAuth Single Sign On WordPress plugin allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against logged-i...

Mar 27, 2023

CVE-2022-0229 8.1

This vulnerability in the miniOrange Google Authenticator WordPress plugin allows unauthenticated attackers to delete arbitrary WordPress options via ...

Mar 21, 2022

CVE-2021-36786 7.5

The miniorange_saml extension for TYPO3 before version 1.4.3 exposes sensitive API credentials and private keys, allowing attackers to access authenti...

Aug 13, 2021

Why Monitor Miniorange Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 21+ known vulnerabilities affecting Miniorange products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Miniorange packages in under 60 seconds. No agents required - completely agentless scanning that works across Miniorange deployments.

Free vulnerability database: Access detailed information about every Miniorange CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Miniorange CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Miniorange CVEs Free