Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/04 3:32 a.m.5 views

EUVD-2025-32420

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugin performing unsafe JWT token processing without verification or validation in the...

9.8CVSS6AI score0.00563EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-37170

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00958EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/09/25 11:34 p.m.6 views

WordPress OAuth Single Sign On – SSO (OAuth Client) plugin <= 6.26.12 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin OAuth Single Sign On – SSO OAuth Client versions = 6.26.12...

4.3CVSS6.8AI score0.00155EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/06/12 6:42 a.m.11 views

WordPress OAuth Single Sign On (SSO) plugin <= 18.5.3 - Incorrect Authorization to Sensitive Information Exposure vulnerability

Incorrect Authorization to Sensitive Information Exposure vulnerability discovered by Israël Hallé Flare - Flare in WordPress Plugin OAuth Single Sign On - SSO OAuth Client versions = 18.5.3...

5.3CVSS6.8AI score0.0025EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 2:34 a.m.11 views

CVE-2023-1092

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity...

6.5CVSS6.7AI score0.00442EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/02/05 4:57 a.m.7 views

CVE-2024-10111

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...

8.1CVSS7.2AI score0.00759EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/12 3:23 a.m.16 views

CVE-2024-10111 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...

8.1CVSS7.2AI score0.00759EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/12 3:23 a.m.24 views

CVE-2024-10111 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass

The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...

8.1CVSS0.00759EPSS
Exploits0References3
Prion
Prion
added 2023/03/27 4:15 p.m.22 views

Cross site request forgery (csrf)

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity...

4.3CVSS6.4AI score0.00442EPSS
Exploits5References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/27 3:39 p.m.12 views

CVE-2023-1092 OAuth Single Sign On - SSO (OAuth Client) - IdP Deletion via CSRF

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity...

6.7AI score0.00442EPSS
Exploits5References4
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.9 views

CVE-2023-1093 OAuth Single Sign On - SSO (OAuth Client) < 6.24.2 - IdP Discard via CSRF

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers IdP, which could allow attackers to make logged in admins delete all IdP via a CSRF attack...

6.4AI score0.00326EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.8 views

PT-2023-16748 · WordPress · Oauth Single Sign On

Name of the Vulnerable Software and Affected Versions: OAuth Single Sign On WordPress plugin versions prior to 6.24.2 Description: The issue concerns a lack of CSRF checks when discarding Identify providers IdP in the OAuth Single Sign On WordPress plugin. This could allow attackers to make...

6.5CVSS7.1AI score0.00326EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.4 views

PT-2023-16747 · WordPress · Oauth Single Sign On Free +3

Name of the Vulnerable Software and Affected Versions: OAuth Single Sign On Free WordPress plugin versions prior to 6.24.2 OAuth Single Sign On Standard WordPress plugin versions prior to 28.4.9 OAuth Single Sign On Premium WordPress plugin versions prior to 38.4.9 OAuth Single Sign On Enterprise...

6.5CVSS6.8AI score0.00442EPSS
Exploits5References6
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.27 views

OAuth Single Sign On - SSO (OAuth Client) Standard < 28.4.9 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack PoC https://example.com/wp-admin/admin.php?page=mooauthsettings=config=delete=wordpress...

6.5CVSS6.6AI score0.00442EPSS
Exploits5Affected Software1
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.515 views

OAuth Single Sign On - SSO (OAuth Client) Free < 6.24.2 - IdP Deletion via CSRF

The plugin does not have CSRF checks when deleting Identity Providers IdP, which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack https://example.com/wp-admin/admin.php?page=mooauthsettings&tab=config&action=delete&app=wordpress...

6.5CVSS6.8AI score0.00442EPSS
Exploits5
Rows per page
Query Builder