Skip to main content

Oauth Single Sign On

4 CVEs product

Monthly

CVE-2022-34155 HIGH POC This Week

Improper Authentication vulnerability in miniOrange OAuth Single Sign On - SSO (OAuth Client) plugin allows Authentication Bypass.23.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oauth Single Sign On
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-1093 MEDIUM POC This Month

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Oauth Single Sign On
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1092 MEDIUM POC This Month

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Oauth Single Sign On
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-2133 MEDIUM POC This Month

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Oauth Single Sign On
NVD WPScan
CVSS 3.1
5.3
EPSS
1.0%
EPSS 0% CVSS 8.8
HIGH POC This Week

Improper Authentication vulnerability in miniOrange OAuth Single Sign On - SSO (OAuth Client) plugin allows Authentication Bypass.23.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oauth Single Sign On
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Oauth Single Sign On
NVD WPScan
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Oauth Single Sign On
NVD WPScan
EPSS 1% CVSS 5.3
MEDIUM POC This Month

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Oauth Single Sign On
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy