SecAlerts
CVE ListPricingSign Up
miniorange logo

miniorange

Security Risk Profile

49
/100
medium

Security Risk Score

Comprehensive risk assessment based on 71 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from June 24, 2019 to present

71
Total CVEs
36
Critical+High
0
Exploited
20
Unpatched

Threat Assessment

Avg CVSS
7
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
20
Critical/High
Risk Level
49/100
medium
📈 1 in Last 30 Days

Severity Distribution

Critical
11
High
25
Medium
34
Low
1

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
12

Age Distribution

Common Weaknesses (CWE)

1
XSS
14
2
CSRF
9
3
SQL Injection
4
4
Infoleak
3
5
Path Traversal
1

Most Affected Products

1. miniOrange Saml Sso - Service Provider Drupal78
2. miniOrange Miniorange 2fa Drupal12
3. miniOrange Oauth Single Sign On Wordpress7
4. miniOrange Google Authenticator WordPress6
5. miniOrange Active Directory Integration \/ Ldap Integration Wordpress6

Recent Vulnerabilities

See more →
CVE-2026-5343
CVSS 7.4high

SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

5/28/2026🔧 No Patch
CVE-2026-3217
CVSS 6.1medium

SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018

3/25/2026🔧 No Patch
CVE-2025-54745
CVSS 6.5medium

WordPress miniOrange's Google Authenticator Plugin <= 6.1.1 - Broken Access Control Vulnerability

12/18/2025🔧 No Patch
CVE-2025-7665
CVSS 8.1high

Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation

9/19/2025🔧 No Patch
CVE-2025-53561
CVSS 6.5medium

WordPress Prevent files / folders access Plugin <= 2.6.0 - Path Traversal Vulnerability

8/20/2025
CVE-2025-54048
CVSS 9.3critical

WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability

8/20/2025
CVE-2025-54049
CVSS 9.9critical

WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability

8/20/2025
CVE-2025-6675
CVSS 4.8EPSS 0%medium

Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082

6/26/2025🔧 No Patch
CVE-2025-31019
CVSS 8.8high

WordPress Password Policy Manager plugin <= 2.0.4 - Account Takeover vulnerability

6/9/2025
CVE-2025-47670
CVSS 8.1EPSS 0%high

WordPress Social Login and Register plugin <= 7.6.10 - Local File Inclusion Vulnerability

5/23/2025🔧 No Patch

Monitor miniorange in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.