Auth bypass in Cyberlord92 Miniorange Social Login And Register (Discord, Google, Twitter, Linkedin)

CVE-2026-12761

The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass leading to account takeover in versions up to and including 7.7.0. This is due to the Profile Complet…

Vulnerability class: Broken Authentication

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-12761?
CVE-2026-12761 is a critical-severity vulnerability in Cyberlord92 Miniorange Social Login And Register (Discord, Google, Twitter, Linkedin), classified under Improper Authentication. CVSS score: 9.8/10. Published 2026-07-10.
How severe is CVE-2026-12761?
Critical severity. CVSS v3 base score is 9.8 out of 10.