Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Unauthenticated network-reachable auth bypass (AV:N/AC:L/PR:N/UI:N) yielding administrator takeover gives full control of the site, so C:H/I:H/A:H.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd. OAuth Single Sign On - SSO (OAuth Client) allows Password Recovery Exploitation.
This issue affects OAuth Single Sign On - SSO (OAuth Client): from n/a through 38.5.8.
AnalysisAI
Authentication bypass in the miniOrange OAuth Single Sign On - SSO (OAuth Client) WordPress plugin (versions up to and including 38.5.8) lets remote unauthenticated attackers abuse an alternate authentication path in the password-recovery flow to log in as arbitrary users, including administrators. Rated CVSS 9.8, the flaw grants full account takeover without credentials or user interaction; there is no public exploit identified at time of analysis, but the plugin's SSO role and low attack complexity make it a high-value target.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target WordPress site have the miniOrange OAuth Single Sign On - SSO (OAuth Client) plugin installed and active at version 38.5.8 or earlier, with its password-recovery / alternate authentication path reachable over the network. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All available signals point to a genuine high priority rather than an inflated score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the WordPress site over the network sends crafted requests to the plugin's password-recovery / alternate authentication channel and, without supplying valid credentials, obtains an authenticated session as an administrator. From there they install a malicious plugin or web shell to achieve full site and server compromise. … |
| Remediation | No vendor-released fixed version is identified in the provided data, so upgrade to any release later than 38.5.8 once miniOrange publishes it and confirm the exact patched version against the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/miniorange-oauth-oidc-single-sign-on/vulnerability/wordpress-oauth-single-sign-on-sso-oauth-client-plugin-38-5-8-broken-authentication-vulnerability before relying on it. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all WordPress instances for miniOrange OAuth SSO plugin presence and versions; compile inventory by criticality. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43028
GHSA-x77p-gjm6-3v9r