Does miniOrange Discord Integration have any unpatched vulnerabilities?

Yes — miniOrange Discord Integration currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is miniOrange Discord Integration compatible with WordPress 6.9.4?

According to WordPress.org data, miniOrange Discord Integration 2.2.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is miniOrange Discord Integration compatible with PHP 7.0+?

miniOrange Discord Integration requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is miniOrange Discord Integration updated?

miniOrange Discord Integration was last updated on Dec 15, 2025. Frequent updates are generally a positive security signal.

What is miniOrange Discord Integration's security score?

miniOrange Discord Integration has a WP-Safety security score of 70/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

miniOrange Discord Integration Security Review — Score 70/100 (generally safe)

Safety Verdict

Is miniOrange Discord Integration Safe to Use in 2026?

Mostly Safe

Score 70/100

miniOrange Discord Integration is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs 1 unpatched Last CVE: May 22, 2025Updated 3mo ago

Risk Assessment

The miniorange-discord-integration plugin exhibits a mixed security posture. While it demonstrates good practices in output escaping and a high percentage of prepared SQL statements, a significant concern arises from its attack surface. Five out of six entry points, including all AJAX handlers, lack proper authentication checks. This makes them vulnerable to unauthorized access and potentially malicious actions. The presence of unsanitized paths in taint analysis, even without critical or high severity, indicates potential weaknesses that could be exploited in conjunction with other vulnerabilities.

The vulnerability history is particularly concerning. With two known CVEs, one of which is critical and currently unpatched, the plugin carries a significant risk. The historical prevalence of 'Improper Control of Filename for Include/Require Statement' and 'Missing Authorization' vulnerabilities suggests recurring patterns of insecure coding practices related to file inclusion and access control. This, combined with the identified unprotected AJAX handlers, paints a picture of a plugin that has historically struggled with robust security.

In conclusion, while the plugin shows some strengths in output handling, the unpatched critical vulnerability, combined with a substantial unprotected attack surface and a history of similar security flaws, presents a high-risk scenario. Users should exercise extreme caution and prioritize patching the known vulnerability. Further investigation into the taint analysis findings and the nature of the unpatched CVE is strongly recommended.

Key Concerns

Unpatched critical CVE
Unprotected AJAX handlers
Unprotected shortcode
Flows with unsanitized paths

Vulnerabilities

2

miniOrange Discord Integration Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Critical

1

Medium

1

2 total CVEs

CVE-2025-47672critical · 9.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

miniOrange Discord Integration <= 2.2.2 - Unauthenticated Local File Inclusion

May 22, 2025Unpatched

CVE-2022-3082medium · 6.5Missing Authorization

miniOrange Discord Integration <= 2.1.5 - Missing Authorization to Plugin Options Update

Sep 22, 2022 Patched in 2.1.6 (488d)

Code Analysis

Analyzed Mar 16, 2026

miniOrange Discord Integration Code Analysis

Dangerous Functions

0

Raw SQL Queries

1

38 prepared

Unescaped Output

0

611 escaped

Nonce Checks

17

Capability Checks

18

File Operations

0

External Requests

3

Bundled Libraries

0

SQL Query Safety

97% prepared39 total queries

Output Escaping

100% escaped611 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

13 flows2 with unsanitized paths

mo_discord_login_validate (class-mo-discord-login-wid.php:644)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

miniOrange Discord Integration Attack Surface

Entry Points6

Unprotected5

AJAX Handlers 5

authwp_ajax_mo_discord_capp_detailsminiorange_discord_sso_settings.php:40

authwp_ajax_mo_discord_capp_deleteminiorange_discord_sso_settings.php:41

authwp_ajax_mo_discord_test_configuration_updateminiorange_discord_sso_settings.php:42

authwp_ajax_mo_register_customer_toggle_updateminiorange_discord_sso_settings.php:43

authwp_ajax_mo_discord_disable_appminiorange_discord_sso_settings.php:44

Shortcodes 1

[miniorange_discord_login] miniorange_discord_sso_settings.php:49

WordPress Hooks 22

actionwp_loginclass-mo-discord-login-wid.php:13

actionwp_loginclass-mo-discord-login-wid.php:14

actionmo_user_registerclass-mo-discord-login-wid.php:15

actiondelete_userclass-mo-discord-login-wid.php:16

actionwidgets_initclass-mo-discord-login-wid.php:17

filterlogout_urlclass-mo-discord-login-wid.php:25

actionadmin_menuminiorange_discord_sso_settings.php:34

actionadmin_initminiorange_discord_sso_settings.php:35

actioninitminiorange_discord_sso_settings.php:36

actionadmin_initminiorange_discord_sso_settings.php:37

actionadmin_enqueue_scriptsminiorange_discord_sso_settings.php:38

actionadmin_enqueue_scriptsminiorange_discord_sso_settings.php:39

actionadmin_footerminiorange_discord_sso_settings.php:45

actionwp_enqueue_scriptsminiorange_discord_sso_settings.php:46

actionlogin_formminiorange_discord_sso_settings.php:96

actionregister_formminiorange_discord_sso_settings.php:101

filterget_avatarminiorange_discord_sso_settings.php:104

filterget_avatar_urlminiorange_discord_sso_settings.php:105

actionwp_enqueue_scriptsminiorange_discord_sso_settings.php:183

actionadmin_noticesminiorange_discord_sso_settings.php:208

actionadmin_noticesmo-discord-login-functions.php:577

actionadmin_noticesmo-discord-login-functions.php:587

Maintenance & Trust

miniOrange Discord Integration Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 15, 2025

PHP min version7.0

Downloads6K

Community Trust

Rating70/100

Number of ratings8

Active installs100

Alternatives

miniOrange Discord Integration Alternatives

SSO OAuth for Discord by path digital

sso-oauth-discord-by-path-digital

A

85

Discord OAuth for your Website. Hide your website content with Discord SSO and make it only available for your server members.

10 No CVEs

Simple Discord SSO ( Single Sign-On )

simple-discord-sso

A

85

A single sign-on plugin which allows any discord user to sign and/or register on your website with their Discord information.

10 No CVEs

Login for Google Apps

google-apps-login

A

100

Simple secure login and user management through your Google Workspace for WordPress (using oAuth2 and MFA if enabled).

10K 1 CVE

SAML Single Sign On – SSO Login

miniorange-saml-20-single-sign-on

A

98

SAML SSO (Single Sign On) for WordPress Login with Okta, Entra ID, Azure AD/B2C, G-Suite, Shibboleth, OneLogin, Keycloak, Salesforce [24/7 Support]

10K 6 CVEs

OAuth Single Sign On – SSO (OAuth Client)

miniorange-login-with-eve-online-google-facebook

B

82

WordPress SSO (Single Sign On) with Azure, Azure B2C, Cognito, Okta, Classlink, Discord, Clever, Keycloak, OAuth & OpenID Providers [24/7 SUPPORT].

7K 10 CVEs

Developer Profile

miniOrange Discord Integration Developer Profile

miniOrange

38 plugins · 83K total installs

76

trust score

Avg Security Score

96/100

Avg Patch Time

324 days

View full developer profile

Detection Fingerprints

How We Detect miniOrange Discord Integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/miniorange-discord-integration/includes/css/bootstrap-discord.min.css/wp-content/plugins/miniorange-discord-integration/includes/css/bootstrap.min-preview.min.css/wp-content/plugins/miniorange-discord-integration/includes/css/mo_discord_login_icons.min.css/wp-content/plugins/miniorange-discord-integration/includes/css/mo-font-awesome.min.css/wp-content/plugins/miniorange-discord-integration/includes/css/mo_discord_style.min.css/wp-content/plugins/miniorange-discord-integration/includes/css/phone.min.css/wp-content/plugins/miniorange-discord-integration/includes/js/mo_discord_phone.js

Script Paths

includes/js/mo_discord_phone.js

Version Parameters

plugins_url('includes/js/mo_discord_phone.js', __FILE__)plugins_url('includes/css/bootstrap-discord.min.css', __FILE__)plugins_url('includes/css/bootstrap.min-preview.min.css', __FILE__)plugins_url('includes/css/mo_discord_login_icons.min.css', __FILE__)plugins_url('includes/css/mo-font-awesome.min.css', __FILE__)plugins_url('includes/css/mo_discord_style.min.css', __FILE__)plugins_url('includes/css/phone.min.css', __FILE__)

HTML / DOM Fingerprints

CSS Classes

mo-wp-bootstrap-social

Data Attributes

data-toggle="tooltip" data-placement="bottom" title=""

JS Globals

window.mo_discord_login_custom_size

Shortcode Output

[miniorange_discord_login]

FAQ

miniOrange Discord Integration Security & Risk Analysis