2 matches found
CVE-2022-2083
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth clientsecret, which could be used by attackers to gain unauthorized access to the site...
Simple Single Sign On <= 4.1.0 - Authentication Bypass
The plugin leaks its OAuth clientsecret, which could be used by attackers to gain unauthorized access to the site. PoC When we click the "Single Sign On" button, the plugin redirects us to the OAuth server to authenticate ourselves if we are not logged in. The button invokes the following URL:...