CVE-2024-11087
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication BypassThe miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 200.3.9. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token.
We have discovered 136 live websites that are affected by CVE-2024-11087.
Affected Software
| Product |  Miniorange Login Openid |
| Category | Wordpress Plugins |
| Vulnerable Domains | 136 live websites (65% of Miniorange Login Openid install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 12 versions ( 86% of all versions) |
Common Weakness Enumeration
CWE-287 Improper AuthenticationDetails
- Published - Mar 8, 2025
- Updated - Mar 11, 2025
Credits
- wesley (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-11087 United States | 46 websites |
 Singapore | 14 websites |
 Russia | 11 websites |
 Germany | 8 websites |
 Netherlands | 5 websites |
 Cyprus | 5 websites |
 Denmark | 4 websites |
 Italy | 3 websites |
 Canada | 3 websites |
 Poland | 3 websites |
Website Distribution by TLD
Number of websites using CVE-2024-11087| .com | 69 websites |
| .ru | 7 websites |
| .nl | 4 websites |
| .dk | 3 websites |
| .it | 3 websites |
| .info | 3 websites |
| .ca | 2 websites |
| .co.uk | 2 websites |
| .com.au | 2 websites |
| .cz | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-11087
Top websites that are affected by CVE-2024-11087. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.****.edu | United States | ***,*** | |
| *************.com | United States | ***,*** | |
| *****************.com | United States | ***,*** | |
| *******.**********************.com | United States | ***,*** | |
| ******.se |  Sweden | *,***,*** | |
| *************.com | United States | *,***,*** | |
| *****.ua |  Ukraine | *,***,*** | |
| *******.sg | Singapore | *,***,*** | |
| *********.co | United States | *,***,*** | |
| *************.com | United States | *,***,*** |
FAQ
CVE-2024-11087 is Improper Authentication in Miniorange Login Openid
A total of 136 websites have been identified as vulnerable to CVE-2024-11087, based on global website indexing conducted by WebTechSurvey.
The Miniorange Login Openid is affected by the CVE-2024-11087 vulnerability.
Miniorange Login Openid versions up to and including 7.6.9 are vulnerable to CVE-2024-11087.