🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

OAuth Single Sign On – SSO (OAuth Client)

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > OAuth Single Sign On – SSO (OAuth Client)

Information

Software Type	Plugin
Software Slug	miniorange-login-with-eve-online-google-facebook (view on wordpress.org)
Software Status	Active
Software Author	cyberlord92
Software Website	miniorange-login-with-eve-online-google-facebook
Software Downloads	154,544
Software Active Installs	5,000
Software Record Last Updated	April 19, 2024

6 Vulnerabilities

OAuth Single Sign On – SSO (OAuth Client) <= 6.23.3 - Missing Authorization

8.8

CVE-2022-34155

May 24, 2023

Researcher: István Márton

OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page

4.3

CVE-2023-1092

Feb 28, 2023

Researcher: Nguyen Thuc Tuyen

OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1- Cross-Site Request Forgery via 'discard' in mooauth_client_applist_page

4.3

CVE-2023-1093

Feb 15, 2023

Researcher: Erwan LR

OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass

8.1

CVE-2022-2133

Jun 27, 2022

Researcher: István Márton

OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Cross-Site Scripting

6.4

CVE ID Unknown

Jun 22, 2022

Researchers:

Multiple miniOrange Plugins (Various Version) - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Aug 30, 2021

Researcher: WPScanTeam

Title	CVE ID	CVSS	Researchers	Date
OAuth Single Sign On – SSO (OAuth Client) <= 6.23.3 - Missing Authorization	CVE-2022-34155	8.8	István Márton	May 24, 2023
OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page	CVE-2023-1092	4.3	Nguyen Thuc Tuyen	February 28, 2023
OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1- Cross-Site Request Forgery via 'discard' in mooauth_client_applist_page	CVE-2023-1093	4.3	Erwan LR	February 15, 2023
OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass	CVE-2022-2133	8.1	István Márton	June 27, 2022
OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Cross-Site Scripting		6.4		June 22, 2022
Multiple miniOrange Plugins (Various Version) - Reflected Cross-Site Scripting		6.1	WPScanTeam	August 30, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation