cleantalk
Vulnerabilities and Security Researches

Login with Azure (Azure SSO), c6ed33faf4d01e26dafb51a8006cc4f1d3df0c89

CVE, Research URL

c6ed33faf4d01e26dafb51a8006cc4f1d3df0c89

Home page URL

Security reports for Login with Azure (Azure SSO)

Application

Login with Azure (Azure SSO)

Published on
Aug 30, 2021
Research Description
All-in-One Microsoft Office 365 Apps + Azure/EntraID Login [login-with-azure] < 1.4.5 Multiple miniOrange Plugins (Various Version) - Reflected Cross-Site Scripting Multiple miniorange Plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'appId' parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.4.5.
Status
vulnerable
Previous vulnerability researches
WP OER (41a2f0929035b1fd78991004b5d7fafca667f9cd) , Jun 07, 2024
SS Quiz (d3765e4a45c0d6edfafdf1ac33018406cbb14a92) , Jun 06, 2024
FeedWordPress Advanced Filters (CVE-2025-68843) , Feb 27, 2026
Login with Azure (Azure SSO) (c6ed33faf4d01e26dafb51a8006cc4f1d3df0c89) , Jun 07, 2024
Headline Analyzer (1a06b2d9fafa72a3ffd3da92198a28b07fd3b87d) , Jun 07, 2024
New vulnerability
WPshop 2 &#8211; E-Commerce (CVE-2025-69383) , Feb 28, 2026
WP Cookie Consent ( for GDPR, CCPA &amp; ePrivacy ) (CVE-2025-11754) , Feb 28, 2026
RealPress &#8211; Real Estate Plugin (CVE-2026-27050) , Feb 28, 2026
Enter Addons &#8211; Ultimate Template Builder for Elementor (CVE-2026-25014) , Feb 28, 2026
WP FullCalendar (CVE-2026-22351) , Feb 28, 2026