CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0875 – miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0875
06 Jun 2022 — The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks El plugin Google Authenticator de WordPress versiones anteriores a 1.0.5, no presenta una comprobación de tipo CSRF cuando guarda sus ajustes, y no los sanea así como los escapa, permitiendo a atacantes hacer que un administrador conectado los cambie y lleve a c... • https://wpscan.com/vulnerability/fefc1411-594d-465b-aeb9-78c141b23762 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0229 – miniOrange's Google Authenticator < 5.5 - Unauthenticated Arbitrary Options Deletion
https://notcve.org/view.php?id=CVE-2022-0229
28 Feb 2022 — The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. El plugin Google Authenticator de miniOrange de WordPress versiones anteriores a 5.5, no presenta comprobaciones apropiadas de autorización y de tipo CSRF cuando maneja el reconfigureMethod, y no c... • https://wpscan.com/vulnerability/d70c5335-4c01-448d-85fc-f8e75b104351 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36786
https://notcve.org/view.php?id=CVE-2021-36786
13 Aug 2021 — The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows Sensitive Data Exposure of API credentials and private keys. La extensión miniorange_saml (también se conoce como Miniorange Saml) versiones anteriores a 1.4.3 para TYPO3, permite una exposición de datos confidenciales de credenciales y claves privadas de la API. • https://typo3.org/help/security-advisories/security • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36785
https://notcve.org/view.php?id=CVE-2021-36785
13 Aug 2021 — The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS. La extensión miniorange_saml (también se conoce como Miniorange Saml) versiones anteriores a 1.4.3 para TYPO3, permite un ataque de tipo XSS. • https://typo3.org/help/security-advisories/security • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2020-6850 – SAML Single Sign On – SAML SSO Login <= 4.8.83 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-6850
28 Jan 2020 — Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. El archivo Utilities.php en el plugin miniorange-saml-20-single-sign-on versiones anteriores a 4.8.84 para WordPress, permite un ataque de tipo XSS por medio de una Respuesta XML SAML diseñada en el archivo wp-login.php. Esto está rela... • https://wordpress.org/plugins/miniorange-saml-20-single-sign-on/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12346 – SAML Single Sign On – SAML SSO Login < 4.8.73 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12346
27 May 2019 — In the miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress, the SAML Login Endpoint is vulnerable to XSS via a specially crafted SAMLResponse XML post. En el plugin Single Sign On de miniOrange SAML SP anterior a versión 4.8.73 para WordPress, el Endpoint Login de SAML es vulnerable a ataques XSS por medio de una publicación XML SAMLResponse especialmente creada. • https://wpvulndb.com/vulnerabilities/9397 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •