15 matches found
EUVD-2025-32420
The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugin performing unsafe JWT token processing without verification or validation in the...
EUVD-2022-37170
Malicious code in bioql PyPI...
WordPress OAuth Single Sign On – SSO (OAuth Client) plugin <= 6.26.12 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin OAuth Single Sign On – SSO OAuth Client versions = 6.26.12...
WordPress OAuth Single Sign On (SSO) plugin <= 18.5.3 - Incorrect Authorization to Sensitive Information Exposure vulnerability
Incorrect Authorization to Sensitive Information Exposure vulnerability discovered by Israël Hallé Flare - Flare in WordPress Plugin OAuth Single Sign On - SSO OAuth Client versions = 18.5.3...
CVE-2023-1092
The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity...
CVE-2024-10111
The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...
CVE-2024-10111 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass
The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...
CVE-2024-10111 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass
The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...
Cross site request forgery (csrf)
The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity...
CVE-2023-1092 OAuth Single Sign On - SSO (OAuth Client) - IdP Deletion via CSRF
The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity...
CVE-2023-1093 OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF
The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers IdP, which could allow attackers to make logged in admins delete all IdP via a CSRF attack...
PT-2023-16748 · WordPress · Oauth Single Sign On
Name of the Vulnerable Software and Affected Versions: OAuth Single Sign On WordPress plugin versions prior to 6.24.2 Description: The issue concerns a lack of CSRF checks when discarding Identify providers IdP in the OAuth Single Sign On WordPress plugin. This could allow attackers to make...
PT-2023-16747 · WordPress · Oauth Single Sign On Free +3
Name of the Vulnerable Software and Affected Versions: OAuth Single Sign On Free WordPress plugin versions prior to 6.24.2 OAuth Single Sign On Standard WordPress plugin versions prior to 28.4.9 OAuth Single Sign On Premium WordPress plugin versions prior to 38.4.9 OAuth Single Sign On Enterprise...
OAuth Single Sign On - SSO (OAuth Client) Standard < 28.4.9 - IdP Deletion via CSRF
The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=mooauthsettings=config=delete=wordpress...
OAuth Single Sign On - SSO (OAuth Client) Free < 6.24.2 - IdP Deletion via CSRF
The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...