CVE-2025-68974 | miniOrange Social Login and Register Plugin up to 7.7.0 on WordPress filename control

Uncategorized
Yanac

A vulnerability was found in miniOrange Social Login and Register Plugin up to 7.7.0 on WordPress. It has been declared as critical. Impacted is an unknown function. Such manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is referenced as CVE-2025-68974. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More