{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T15:39:23.784","vulnerabilities":[{"cve":{"id":"CVE-2025-47670","sourceIdentifier":"audit@patchstack.com","published":"2025-05-23T13:15:42.507","lastModified":"2026-04-23T15:30:43.033","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects WordPress Social Login and Register: from n/a through <= 7.6.10."},{"lang":"es","value":"Vulnerabilidad de control inadecuado del nombre de archivo para declaraciones Include/Require en programas PHP ('Inclusión remota de archivos PHP') en miniOrange WordPress Social Login and Register permite la inclusión local de archivos en PHP. Este problema afecta al inicio de sesión y registro social de WordPress desde n/d hasta la versión 7.6.10."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-98"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/miniorange-login-openid/vulnerability/wordpress-wordpress-social-login-and-register-7-6-9-local-file-inclusion-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}}]}