Primary

Context

miniOrange WordPress REST API Authentication Missing Authorization Vulnerability

Vulnerability

Patched

A missing authorization vulnerability has been identified in the miniOrange WordPress REST API Authentication plugin, affecting versions through 3.6.3. This vulnerability allows for the exploitation of incorrectly configured access control security levels.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in settings, allowing users to manipulate configurations that should be restricted.

Remediation

Users of the miniOrange WordPress REST API Authentication plugin should update to version 3.6.4 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

miniOrange WordPress REST API Authentication Missing Authorization Vulnerability

Vulnerability

Impact

Remediation

Affected Products

miniOrange WordPress REST API Authentication

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating