miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Security & Risk Analysis

wordpress.org/plugins/miniorange-login-openid

Social Login with Discord, Facebook, Google, Twitter, LinkedIn and 40+ apps. Social login with social share and comments. Free, fast & easy! WooCo …

10K active installs v7.7.0 PHP 5.4+ WP 2.0.2+ Updated Jun 4, 2025
Tags: facebook · google · linkedin · social-login · xtwitter
Score: 56
C · Use Caution
CVEs total: 9
Unpatched: 1
Last CVE: Sep 28, 2025
Safety Verdict

Is miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Safe to Use in 2026?

Use With Caution

Score 56/100

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

9 known CVEs · 1 unpatched · Last CVE: Sep 28, 2025 · Updated 10mo ago
Risk Assessment

The 'miniorange-login-openid' plugin exhibits a mixed security posture. While it demonstrates strong practices in SQL query sanitization (94% prepared statements) and output escaping (100% properly escaped), significant concerns arise from its attack surface. A substantial 18 out of 24 entry points, primarily AJAX handlers, lack authentication checks, presenting a clear avenue for unauthorized actions. Furthermore, the plugin has a concerning history of documented vulnerabilities, including 9 known CVEs, with one critical and four high-severity issues remaining unpatched. The common vulnerability types, such as Remote File Inclusion, Improper Authentication, and Cross-Site Scripting, suggest recurring weaknesses in input validation and access control mechanisms. The presence of 2 high-severity taint flows with unsanitized paths, despite the overall low count, adds to the potential for exploitable weaknesses. While the plugin's adherence to secure output handling is commendable, the exposed AJAX endpoints and the unresolved historical vulnerabilities paint a picture of a plugin that requires immediate attention to secure its broader attack surface and address its persistent security flaws.

Key Concerns

  • Unprotected AJAX handlers
  • Unpatched critical CVE
  • Unpatched high severity CVEs (x4)
  • High severity taint flows (x2)
  • Vulnerability history (multiple critical/high)
Vulnerabilities: 9

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2023: 5 CVEs
2025: 3 CVEs · unpatched

Severity Breakdown

Critical: 1
High: 4
Medium: 4

9 total CVEs

CVE-2025-68974 · medium · 6.6 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Social Login and Register <= 7.7.0 - Authenticated (Administrator+) Local File Inclusion

Sep 28, 2025 · Unpatched

CVE-2025-47670 · high · 8.1 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

WordPress Social Login and Register <= 7.6.10 - Unauthenticated Local File Inclusion

May 21, 2025 · Patched in 7.7.0 (132d)

CVE-2024-11087 · high · 8.1 · Improper Authentication

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Pro Addon <= 200.3.9 - Authentication Bypass

Mar 7, 2025 · Patched in 200.3.10 (25d)

CVE-2023-47683 · high · 8.8 · Improper Privilege Management

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.6 - Authenticated (Subscriber+) Privilege Escalation

Nov 9, 2023 · Patched in 7.6.7 (75d)

CVE-2023-2982 · critical · 9.8 · Authentication Bypass Using an Alternate Path or Channel

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass

Jun 28, 2023 · Patched in 7.6.5 (209d)

CVE-2023-23710 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 15, 2023 · Patched in 7.6.0 (342d)

CVE-2023-23706 · high · 8.8 · Cross-Site Request Forgery (CSRF)

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Cross-Site Request Forgery

Feb 15, 2023 · Patched in 7.5.15 (342d)

CVE-2023-25455 · medium · 5.3 · Missing Authorization

WordPress Social Login and Register <= 7.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion

Feb 13, 2023 · Patched in 7.6.1 (344d)

CVE-2023-24375 · medium · 6.5 · Missing Authorization

WordPress Social Login and Register <= 7.5.12 - Missing Authorization to Plugin Settings Update

Sep 23, 2022 · Patched in 7.5.13 (487d)

Code Analysis
Analyzed Mar 16, 2026

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (58 prepared)
Unescaped Output: 3 (5267 escaped)
Nonce Checks: 47
Capability Checks: 37
File Operations: 0
External Requests: 7
Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

94% prepared · 62 total queries

Output Escaping

100% escaped · 5270 total outputs

Data Flows: 9 unsanitized

Data Flow Analysis

25 flows · 9 with unsanitized paths
mo_openid_add_comment (miniorange_openid_sso_settings.php:329)
Attack Surface: 18 unprotected

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Attack Surface

Entry Points: 24
Unprotected: 18

AJAX Handlers 18

auth · wp_ajax_mo-openid-sso-sort-action · miniorange_openid_sso_settings.php:43
auth · wp_ajax_mo_openid_share · miniorange_openid_sso_settings.php:44
auth · wp_ajax_mo_openid_app_enable · miniorange_openid_sso_settings.php:45
auth · wp_ajax_mo_openid_app_instructions · miniorange_openid_sso_settings.php:46
auth · wp_ajax_mo_openid_capp_details · miniorange_openid_sso_settings.php:47
auth · wp_ajax_mo_openid_capp_delete · miniorange_openid_sso_settings.php:48
auth · wp_ajax_mo_openid_test_configuration_update · miniorange_openid_sso_settings.php:49
auth · wp_ajax_mo_openid_social_linking · miniorange_openid_sso_settings.php:50
auth · wp_ajax_mo_openid_profile_comp · miniorange_openid_sso_settings.php:51
auth · wp_ajax_custom_app_enable_change_update · miniorange_openid_sso_settings.php:52
auth · wp_ajax_mo_register_customer_toggle_update · miniorange_openid_sso_settings.php:53
auth · wp_ajax_mo_openid_check_capp_enable · miniorange_openid_sso_settings.php:54
auth · wp_ajax_mo_register_new_user · miniorange_openid_sso_settings.php:55
auth · wp_ajax_mo_register_old_user · miniorange_openid_sso_settings.php:56
auth · wp_ajax_mo_sharing_app_value · miniorange_openid_sso_settings.php:57
auth · wp_ajax_mo_openid_rating_given · miniorange_openid_sso_settings.php:58
auth · wp_ajax_mo_disable_app · miniorange_openid_sso_settings.php:59
auth · wp_ajax_verify_addon_licience · miniorange_openid_sso_settings.php:64

Shortcodes 6

[miniorange_social_login] miniorange_openid_sso_settings.php:70
[miniorange_social_sharing] miniorange_openid_sso_settings.php:71
[miniorange_social_sharing_vertical] miniorange_openid_sso_settings.php:72
[miniorange_social_custom_fields] miniorange_openid_sso_settings.php:73
[miniorange_social_comments] miniorange_openid_sso_settings.php:76
[miniorange_social_login_logout] miniorange_openid_sso_settings.php:77
WordPress Hooks 39
action · wp_login · class-mo-openid-login-widget.php:4
action · mo_user_register · class-mo-openid-login-widget.php:5
action · mo_user_register · class-mo-openid-login-widget.php:6
action · wp_login · class-mo-openid-login-widget.php:8
action · wp_login · class-mo-openid-login-widget.php:10
action · delete_user · class-mo-openid-login-widget.php:12
action · manage_users_custom_column · class-mo-openid-login-widget.php:14
action · widgets_init · class-mo-openid-login-widget.php:15
action · widgets_init · class-mo-openid-login-widget.php:21
action · widgets_init · class-mo-openid-login-widget.php:27
filter · logout_url · class-mo-openid-login-widget.php:35
action · plugins_loaded · miniorange_openid_sso_settings.php:36
action · admin_menu · miniorange_openid_sso_settings.php:37
action · admin_init · miniorange_openid_sso_settings.php:38
action · init · miniorange_openid_sso_settings.php:39
action · plugins_loaded · miniorange_openid_sso_settings.php:40
action · admin_enqueue_scripts · miniorange_openid_sso_settings.php:41
action · admin_enqueue_scripts · miniorange_openid_sso_settings.php:42
action · admin_footer · miniorange_openid_sso_settings.php:60
action · wp_enqueue_scripts · miniorange_openid_sso_settings.php:61
filter · the_content · miniorange_openid_sso_settings.php:74
filter · the_excerpt · miniorange_openid_sso_settings.php:75
action · mo_openid_registration_redirect · miniorange_openid_sso_settings.php:154
action · woocommerce_login_form_start · miniorange_openid_sso_settings.php:177
action · woocommerce_login_form · miniorange_openid_sso_settings.php:180
action · comment_form_must_log_in_after · miniorange_openid_sso_settings.php:184
action · comment_form_top · miniorange_openid_sso_settings.php:185
action · comment_form_top · miniorange_openid_sso_settings.php:188
action · login_form · miniorange_openid_sso_settings.php:193
action · register_form · miniorange_openid_sso_settings.php:198
action · comment_form_must_log_in_after · miniorange_openid_sso_settings.php:203
action · comment_form_top · miniorange_openid_sso_settings.php:204
filter · get_avatar · miniorange_openid_sso_settings.php:209
filter · get_avatar_url · miniorange_openid_sso_settings.php:210
filter · bp_core_fetch_avatar · miniorange_openid_sso_settings.php:211
action · wp_enqueue_scripts · miniorange_openid_sso_settings.php:321
action · admin_notices · miniorange_openid_sso_settings.php:354
action · admin_notices · mo-openid-social-login-functions.php:905
action · admin_notices · mo-openid-social-login-functions.php:910
Maintenance & Trust

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 4, 2025
PHP min version: 5.4
Downloads: 1.7M

Community Trust

Rating: 92/100
Number of ratings: 356
Active installs: 10K
Developer Profile

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) Developer Profile

miniOrange

38 plugins · 83K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 324 days
Detection Fingerprints

How We Detect miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/miniorange-login-openid/includes/css/mo_openid_admin.css
  • /wp-content/plugins/miniorange-login-openid/includes/css/mo_openid_social_login.css
  • /wp-content/plugins/miniorange-login-openid/includes/js/mo_openid_social_login.js
  • /wp-content/plugins/miniorange-login-openid/includes/js/mo_openid_admin.js
  • /wp-content/plugins/miniorange-login-openid/includes/js/mo_openid_profile_completion.js
  • /wp-content/plugins/miniorange-login-openid/includes/js/mo_social_comment.js
  • /wp-content/plugins/miniorange-login-openid/includes/js/mo_openid_admin_script.js
Script Paths
  • /wp-content/plugins/miniorange-login-openid/includes/js/mo_openid_social_login.js
  • /wp-content/plugins/miniorange-login-openid/includes/js/mo_openid_admin.js
  • /wp-content/plugins/miniorange-login-openid/includes/js/mo_openid_profile_completion.js
  • /wp-content/plugins/miniorange-login-openid/includes/js/mo_social_comment.js
  • /wp-content/plugins/miniorange-login-openid/includes/js/mo_openid_admin_script.js
Version Parameters
  • miniorange-login-openid/includes/css/mo_openid_admin.css?ver=
  • miniorange-login-openid/includes/css/mo_openid_social_login.css?ver=
  • miniorange-login-openid/includes/js/mo_openid_social_login.js?ver=
  • miniorange-login-openid/includes/js/mo_openid_admin.js?ver=
  • miniorange-login-openid/includes/js/mo_openid_profile_completion.js?ver=
  • miniorange-login-openid/includes/js/mo_social_comment.js?ver=
  • miniorange-login-openid/includes/js/mo_openid_admin_script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • mo_openid_social_login_parent_div
  • mo_openid_social_login_main_div
  • mo_openid_social_login_facebook
  • mo_openid_social_login_google
  • mo_openid_social_login_twitter
  • mo_openid_social_login_linkedin
  • mo_openid_social_login_apple
  • mo_openid_social_login_amazon
  • +51 more
HTML Comments
  • <!-- Added by miniOrange Social Login plugin -->
  • <!-- IMPORTANT: Add this code in your theme's footer.php file, before the closing </body> tag -->
  • <!-- PLEASE READ THE DOCUMENTATION -->
  • <!-- If you are getting ERROR: Invalid State parameter, make sure to check your session handling. -->
  • +23 more
Data Attributes
  • data-plugin-url
  • data-app-id
  • data-app-name
  • data-app-key
  • data-app-secret
  • data-redirect-uri
  • +32 more
JS Globals
  • mo_openid_social_login_vars
  • mo_openid_social_comment_vars
  • mo_openid_share_vars
  • mo_openid_login_widget_vars
REST Endpoints
  • /wp-json/mo-openid-sso/v1/login
  • /wp-json/mo-openid-sso/v1/share
  • /wp-json/mo-openid-sso/v1/comment
Shortcode Output
  • [miniorange_social_login]
  • [miniorange_social_sharing]
  • [miniorange_social_sharing_vertical]
  • [miniorange_social_custom_fields]
FAQ

Frequently Asked Questions about miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)