Primary

Context

miniOrange Password Policy Manager Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability allowing authentication abuse has been identified in the miniOrange Password Policy Manager WordPress plugin, affecting versions through 2.0.4. This vulnerability allows malicious actors to perform actions typically reserved for users with higher privileges, potentially leading to unauthorized admin access.

Impact

Exploitation of this vulnerability could result in unauthorized administrative access to the WordPress site.

Remediation

Users of the miniOrange Password Policy Manager WordPress plugin are advised to update to version 2.0.4 or later. For those unable to update immediately, Patchstack offers a virtual patch that can be applied to mitigate this vulnerability.

Added: Jun 9, 2025, 4:59 PM

Updated: Jun 9, 2025, 4:59 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

miniOrange Password Policy Manager Authentication Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating