VYPR

Miniorange Login With Eve Online Google Facebook

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-9485CriOct 4, 2025
    risk 0.57cvss 9.8epss 0.01

    The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugin performing unsafe JWT token processing without verification or validation…

  • CVE-2024-10111HigDec 12, 2024
    risk 0.53cvss 8.1epss 0.01

    The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for…

  • CVE-2025-10752MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.26.12. This is due to using a predictable state parameter (base64 encoded app name) without any randomness in the OAuth flow.…