The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF checks when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they control, allowing them to then be authenticated as admin if they know the correct email address.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/55b83cee-a8a5-4f9d-a976-a3eed9a558e5 | Exploit Third Party Advisory |
History
28 Sep 2022, 16:28
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oauth_client_single_sign_on_project:oauth_client_single_sign_on:*:*:*:*:*:wordpress:*:* | |
First Time | Oauth Client Single Sign On Project oauth Client Single Sign On; Oauth Client Single Sign On Project | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 7.5 |
References | (MISC) https://wpscan.com/vulnerability/55b83cee-a8a5-4f9d-a976-a3eed9a558e5 - Exploit, Third Party Advisory |
26 Sep 2022, 13:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-26 13:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-3119
Mitre link : CVE-2022-3119
CVE.ORG link : CVE-2022-3119
Products Affected
oauth_client_single_sign_on_project
- oauth_client_single_sign_on