OAuth 2.0 client for SSO by miniOrange <= 1.11.3 - Auth Bypass
LANACOMMONVDB ID: ac0bec28-ea44-46ee-9a35-d42273bce8dd
The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the client’s website.