OAuth Single Sign On – SSO (OAuth Client)

Vulnerabilities 13Slug miniorange-login-with-eve-online-google-facebookLatest version 6.26.19WordPress.org →

Minimum safe version

6.26.15

Update to 6.26.15 or later to address 13 fixable vulnerabilities

Latest available6.26.19 ✓

Medium 5.3

2026-02-06< 6.26.15

CVE-2025-10753

CVE Wordfence

Medium 4.3

2025-09-26< 6.26.13

OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Cross-Site Request Forgery

EUVD Wordfence CVE

Critical 9.8

2025-10-03< 6.26.13

OAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Authentication Bypass via get_resource_owner_from_id_token()

Wordfence CVE

High 8.1

2024-12-12< 6.26.4

CVE-2024-10111

CVE Patchstack Wordfence

N/A

< 6.20.3

Multiple Plugins from miniorange - Reflected Cross-Site Scripting via appId

WPScan

High 8.8

2023-07-18< 6.23.4

CVE-2022-34155

CVE Patchstack Wordfence WPScan

Medium 6.5

2023-03-27< 6.24.2

CVE-2023-1093

CVE WPScan

Medium 6.5

2023-03-27< 6.24.2

CVE-2023-1092

CVE Wordfence WPScan

N/A

2023-02-16< 6.24.2

WordPress OAuth Single Sign On – SSO (OAuth Client) Plugin <= 6.24.1 is vulnerable to Cross Site Request Forgery (CSRF)

Patchstack

N/A

2023-02-15< 6.24.2

OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1- Cross-Site Request Forgery via 'discard' in mooauth_client_applist_page

Wordfence

N/A

2021-08-30< 6.20.3

Multiple miniOrange Plugins (Various Version) - Reflected Cross-Site Scripting

Wordfence

N/A

2022-06-22< 6.23.0

OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Cross-Site Scripting

Wordfence

Medium 5.3

2022-07-17< 6.22.6

CVE-2022-2133

CVE Patchstack Wordfence WPScan