Vulnerabilities

In the Lana Codes Vulnerability Database (LANAVDB), we collect the vulnerabilities we discover in other systems and provide detailed analysis and descriptions.

OAuth 2.0 client for SSO by miniOrange WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the client’s website.

WP OAuth Server (Login with WordPress) by miniOrange WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s username, which is usually public data and can be easily queried. Depending on whose username we know, we may even be given an administrator role on the client’s website.

OAuth Single Sign On – SSO (OAuth Client) by miniOrange WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the client’s website.

Simple Single Sign On by Dash10 Digital WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass vulnerability. Depending on the settings of the OAuth server, we may even be given an administrator role on the client’s website. The essence of OAuth authentication is that the user is authenticated by another server, in our case another WordPress website with an OAuth server plugin, but the vulnerability is in the OAuth client plugin.