OAuth Single Sign On – SSO (OAuth Client)

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > OAuth Single Sign On – SSO (OAuth Client)

Information

Software Type	Plugin
Software Slug	miniorange-login-with-eve-online-google-facebook (view on wordpress.org)
Software Status	Active
Software Author	cyberlord92
Software Website	miniorange-login-with-eve-online-google-facebook
Software Downloads	115,843
Software Active Installs	4,000
Software Record Last Updated	May 18, 2023

6 vulnerabilities

OAuth Single Sign On – SSO (OAuth Client) <= 6.23.3 - Missing Authorization

8.8

CVE-2022-34155

May 24, 2023

Researcher: Lana Codes

OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page

4.3

CVE-2023-1092

Feb 28, 2023

Researcher: Nguyen Thuc Tuyen

OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1- Cross-Site Request Forgery via 'discard' in mooauth_client_applist_page

4.3

CVE-2023-1093

Feb 15, 2023

Researcher: Erwan LR

OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass

5.3

CVE-2022-2133

Jun 27, 2022

Researcher: Lana Codes

OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Cross-Site Scripting

6.4

CVE ID Unknown

Jun 22, 2022

Researchers:

Multiple miniOrange Plugins (Various Version) - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Aug 30, 2021

Researcher: WPScanTeam

Title	CVE ID	CVSS	Researchers	Date
OAuth Single Sign On – SSO (OAuth Client) <= 6.23.3 - Missing Authorization	CVE-2022-34155	8.8	Lana Codes	May 24, 2023
OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page	CVE-2023-1092	4.3	Nguyen Thuc Tuyen	February 28, 2023
OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1- Cross-Site Request Forgery via 'discard' in mooauth_client_applist_page	CVE-2023-1093	4.3	Erwan LR	February 15, 2023
OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass	CVE-2022-2133	5.3	Lana Codes	June 27, 2022
OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Cross-Site Scripting		6.4		June 22, 2022
Multiple miniOrange Plugins (Various Version) - Reflected Cross-Site Scripting		6.1	WPScanTeam	August 30, 2021

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation