🎁Wordfence just launched its bug bounty program. From today through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!🎁

OAuth Single Sign On – SSO (OAuth Client)

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > OAuth Single Sign On – SSO (OAuth Client)

Information

Software Type	Plugin
Software Slug	miniorange-login-with-eve-online-google-facebook (view on wordpress.org)
Software Status	Active
Software Author	cyberlord92
Software Website	miniorange-login-with-eve-online-google-facebook
Software Downloads	138,925
Software Active Installs	5,000
Software Record Last Updated	December 7, 2023

6 Vulnerabilities

OAuth Single Sign On – SSO (OAuth Client) <= 6.23.3 - Missing Authorization

8.8

CVE-2022-34155

May 24, 2023

Researcher: István Márton

OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page

4.3

CVE-2023-1092

Feb 28, 2023

Researcher: Nguyen Thuc Tuyen

OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1- Cross-Site Request Forgery via 'discard' in mooauth_client_applist_page

4.3

CVE-2023-1093

Feb 15, 2023

Researcher: Erwan LR

OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass

5.3

CVE-2022-2133

Jun 27, 2022

Researcher: István Márton

OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Cross-Site Scripting

6.4

CVE ID Unknown

Jun 22, 2022

Researchers:

Multiple miniOrange Plugins (Various Version) - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Aug 30, 2021

Researcher: WPScanTeam

Title	CVE ID	CVSS	Researchers	Date
OAuth Single Sign On – SSO (OAuth Client) <= 6.23.3 - Missing Authorization	CVE-2022-34155	8.8	István Márton	May 24, 2023
OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page	CVE-2023-1092	4.3	Nguyen Thuc Tuyen	February 28, 2023
OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1- Cross-Site Request Forgery via 'discard' in mooauth_client_applist_page	CVE-2023-1093	4.3	Erwan LR	February 15, 2023
OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass	CVE-2022-2133	5.3	István Márton	June 27, 2022
OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Cross-Site Scripting		6.4		June 22, 2022
Multiple miniOrange Plugins (Various Version) - Reflected Cross-Site Scripting		6.1	WPScanTeam	August 30, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation