OAuth Single Sign On – SSO (OAuth Client) by miniOrange

OAuth Single Sign On – SSO (OAuth Client) by miniOrange <= 6.22.5 - Auth Bypass

LANACOMMONVDB ID: 21a45363-8b09-4da1-ae17-6f4458a1ad19

The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the client’s website.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/miniorange-login-with-eve-online-google-facebook/

CVE: CVE-2022-2133

LANAVDB: https://lana.codes/lanavdb/12bb3c02-45f1-4ce8-8a5a-8b44352cf7fc/

Attributes

Catgory: WordPress Plugin

Discovered: 2022-06-12

Published: 2022-06-20

Affected Version: <= 6.22.5

Classification

Type: Authentication Bypass

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).