The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrator role on the website.
Vulnerabilities
In the Lana Codes Vulnerability Database (LANAVDB), we collect the vulnerabilities we discover in other systems and provide detailed analysis and descriptions.

Drag and Drop Multiple File Upload – Contact Form 7 by CodeDropz WordPress plugin Non-Arbitrary File Upload
The plugin was affected by Non-Arbitrary File Upload and CSRF vulnerabilities. Together, the two vulnerabilities allow us to upload files to the server, even with a script. Note: only limited file types can be uploaded.

OAuth Single Sign On – SSO (OAuth Client) by miniOrange WordPress plugin Authentication Bypass
The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrator role on the client’s website. Note: The plugin was also affected by a Broken Access Control vulnerability. There are a lot of vulnerabilities and bugs in the code, but the analysis only deals with Auth Bypass because it is the most serious vulnerability. Note: To exploit the vulnerability, we need to log in with a user with any role.

OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) by securiseweb WordPress plugin Authentication Bypass
The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the client’s website. Note: The plugin was also affected by Broken Access Control and Cross-Site Request Forgery (CSRF) vulnerabilities. There are a lot of vulnerabilities and bugs in the code, but the analysis only deals with Auth Bypass because it is the most serious vulnerability.

Profile Builder by Cozmoslabs WordPress plugin Authentication Bypass
The plugin was affected by an Auth Bypass vulnerability. The plugin uses a method improperly, which makes it possible to reset the user password and gain unauthorized access.