{"api_version":"1","generated_at":"2026-05-12T11:31:45+00:00","cve":"CVE-2023-25455","urls":{"html":"https://cve.report/CVE-2023-25455","api":"https://cve.report/api/cve/CVE-2023-25455.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-25455","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-25455"},"summary":{"title":"WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability","description":"Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0.","state":"PUBLISHED","assigner":"Patchstack","published_at":"2024-12-09 13:15:23","updated_at":"2026-04-28 19:19:46"},"problem_types":["CWE-862","CWE-862 CWE-862 Missing Authorization"],"metrics":[{"version":"3.1","source":"audit@patchstack.com","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"}}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/miniorange-login-openid/vulnerability/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve","name":"https://patchstack.com/database/wordpress/plugin/miniorange-login-openid/vulnerability/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve","refsource":"audit@patchstack.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":""},{"url":"https://patchstack.com/database/Wordpress/Plugin/miniorange-login-openid/vulnerability/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve","name":"https://patchstack.com/database/wordpress/plugin/miniorange-login-openid/vulnerability/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-25455","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25455","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"miniOrange","product":"WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)","version":"affected n/a 7.6.0 custom","platforms":[]},{"source":"ADP","vendor":"miniorange","product":"wordpress_social_login_and_register_\\(discord\\,_google\\,_twitter\\,_linkedin\\)","version":"affected 7.6.0 custom","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Update the WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin to the latest available version (at least 7.6.1).","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Rafshanzani Suhada (Patchstack Alliance)","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"affected":[{"cpes":["cpe:2.3:a:miniorange:wordpress_social_login_and_register_\\(discord\\,_google\\,_twitter\\,_linkedin\\):*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","product":"wordpress_social_login_and_register_\\(discord\\,_google\\,_twitter\\,_linkedin\\)","vendor":"miniorange","versions":[{"lessThanOrEqual":"7.6.0","status":"affected","version":"0","versionType":"custom"}]}],"metrics":[{"other":{"content":{"id":"CVE-2023-25455","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-12-09T14:57:32.027171Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-12-09T15:04:18.587Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://wordpress.org/plugins","defaultStatus":"unaffected","packageName":"miniorange-login-openid","product":"WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn)","vendor":"miniOrange","versions":[{"changes":[{"at":"7.6.1","status":"unaffected"}],"lessThanOrEqual":"7.6.0","status":"affected","version":"n/a","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Rafshanzani Suhada (Patchstack Alliance)"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0.</p>"}],"value":"Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0."}],"impacts":[{"capecId":"CAPEC-180","descriptions":[{"lang":"en","value":"CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-28T16:08:08.055Z","orgId":"21595511-bba5-4825-b968-b78d1f9984a3","shortName":"Patchstack"},"references":[{"tags":["vdb-entry"],"url":"https://patchstack.com/database/wordpress/plugin/miniorange-login-openid/vulnerability/wordpress-wordpress-social-login-and-register-discord-google-twitter-linkedin-plugin-7-6-0-arbitrary-content-deletion-vulnerability?_s_id=cve"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Update the WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin to the latest available version (at least 7.6.1)."}],"value":"Update the WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin to the latest available version (at least 7.6.1)."}],"source":{"discovery":"EXTERNAL"},"title":"WordPress WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.6.0 - Arbitrary Content Deletion vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"21595511-bba5-4825-b968-b78d1f9984a3","assignerShortName":"Patchstack","cveId":"CVE-2023-25455","datePublished":"2024-12-09T11:31:33.468Z","dateReserved":"2023-02-06T12:38:05.559Z","dateUpdated":"2026-04-28T16:08:08.055Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-12-09 13:15:23","lastModifiedDate":"2026-04-28 19:19:46","problem_types":["CWE-862","CWE-862 CWE-862 Missing Authorization"],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2023","CveId":"25455","Ordinal":"1","Title":"WordPress WordPress Social Login and Register (Discord, Google, ","CVE":"CVE-2023-25455","Year":"2023"},"notes":[{"CveYear":"2023","CveId":"25455","Ordinal":"1","NoteData":"Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0.","Type":"Description","Title":"WordPress WordPress Social Login and Register (Discord, Google, "}]}}}