Skip to main content

miniOrange OAuth SSO CVE-2026-57807

| EUVDEUVD-2026-43028 CRITICAL
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
2026-07-10 Patchstack GHSA-x77p-gjm6-3v9r
9.8
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Unauthenticated network-reachable auth bypass (AV:N/AC:L/PR:N/UI:N) yielding administrator takeover gives full control of the site, so C:H/I:H/A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 21:31 vuln.today

DescriptionCVE.org

Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation.

This issue affects OAuth Single Sign On - SSO (OAuth Client): from n/a through 38.5.8.

AnalysisAI

Authentication bypass in the miniOrange OAuth Single Sign On - SSO (OAuth Client) WordPress plugin (versions up to and including 38.5.8) lets remote unauthenticated attackers abuse an alternate authentication path in the password-recovery flow to log in as arbitrary users, including administrators. Rated CVSS 9.8, the flaw grants full account takeover without credentials or user interaction; there is no public exploit identified at time of analysis, but the plugin's SSO role and low attack complexity make it a high-value target.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify site running miniOrange OAuth SSO ≤38.5.8
Delivery
Send crafted password-recovery request
Exploit
Bypass authentication via alternate channel
Execution
Obtain admin session
Persist
Install web shell or malicious plugin
Impact
Full site and server compromise

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target WordPress site have the miniOrange OAuth Single Sign On - SSO (OAuth Client) plugin installed and active at version 38.5.8 or earlier, with its password-recovery / alternate authentication path reachable over the network. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All available signals point to a genuine high priority rather than an inflated score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the WordPress site over the network sends crafted requests to the plugin's password-recovery / alternate authentication channel and, without supplying valid credentials, obtains an authenticated session as an administrator. From there they install a malicious plugin or web shell to achieve full site and server compromise. …
Remediation No vendor-released fixed version is identified in the provided data, so upgrade to any release later than 38.5.8 once miniOrange publishes it and confirm the exact patched version against the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/miniorange-oauth-oidc-single-sign-on/vulnerability/wordpress-oauth-single-sign-on-sso-oauth-client-plugin-38-5-8-broken-authentication-vulnerability before relying on it. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit all WordPress instances for miniOrange OAuth SSO plugin presence and versions; compile inventory by criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57807 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy