3 matches found
CVE-2024-10111
The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...
CVE-2024-10111 OAuth Single Sign On – SSO (OAuth Client) <= 6.26.3 - Authentication Bypass
The OAuth Single Sign On – SSO OAuth Client plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers...
CVE-2024-10111
CVE-2024-10111 is an authentication bypass in the WordPress plugin OAuth Single Sign On – SSO (OAuth Client). Up to and including version 6.26.3, the token’s returned user is not properly verified, enabling unauthenticated attackers to log in as any existing site user (potentially an Administrato...