WordPress Plugin Vulnerabilities

WordPress Social Login and Register < 7.5.15 - Multiple CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
miniorange-login-openid
Fixed in 7.5.15

References

CVE
CVE-2023-23706

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
yuyudhn
Verified
No
WPVDB ID
79bb720e-3ba9-4385-af78-2e135e1ddee3

Timeline

Publicly Published
2023-02-15 (about 3 years ago)
Added
2023-04-26 (about 2 years ago)
Last Updated
2023-04-26 (about 2 years ago)

Other

Published
Title
Published
2014-08-01
Title
Booking System - Reflected Cross-Site Scripting (XSS)
Published
2023-02-14
Title
Opt-Out for Google Analytics < 2.3.5 - Admin+ Stored XSS
Published
2024-04-26
Title
Jeg Elementor Kit < 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner
Published
2025-01-16
Title
Wibstats <= 0.5.5 - Reflected Cross-Site Scripting
Published
2024-04-29
Title
Social Media Share Buttons < 2.9.0 - Admin+ Stored XSS