Product
An authentication bypass vulnerability (CVE-2026-12761) in the miniOrange Social Login and Register WordPress plugin, affecting versions up to 7.7.0, allows unauthenticated attackers to trigger an OTP email to an arbitrary admin's address, offline crack the weak OTP from a leaked hash, and gain full administrator access by logging in as the target user.