OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) by securiseweb <= 3.0.3 - Auth Bypass
LANACOMMONVDB ID: 5e24314d-1f3e-4c31-b672-5df77ab58b67
The plugin is affected by a Broken Access Control, Cross-Site Request Forgery (CSRF) vulnerability that can be used to modify the OAuth server endpoints, which leads to an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrative role on the client’s website.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2022-08-12
- Published
- 2022-08-19
- Affected Version
- <= 3.0.3
Classification
- Type
- Authentication Bypass, Cross-Site Request Forgery (CSRF), Missing Authorization
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
