Skip to main content

Oauth Single Sign On Sso Oauth Client

1 CVEs product

Monthly

CVE-2026-57807 CRITICAL Act Now

Authentication bypass in the miniOrange OAuth Single Sign On - SSO (OAuth Client) WordPress plugin (versions up to and including 38.5.8) lets remote unauthenticated attackers abuse an alternate authentication path in the password-recovery flow to log in as arbitrary users, including administrators. Rated CVSS 9.8, the flaw grants full account takeover without credentials or user interaction; there is no public exploit identified at time of analysis, but the plugin's SSO role and low attack complexity make it a high-value target.

Authentication Bypass Oauth Single Sign On Sso Oauth Client
NVD
CVSS 3.1
9.8
EPSS
0.4%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Authentication bypass in the miniOrange OAuth Single Sign On - SSO (OAuth Client) WordPress plugin (versions up to and including 38.5.8) lets remote unauthenticated attackers abuse an alternate authentication path in the password-recovery flow to log in as arbitrary users, including administrators. Rated CVSS 9.8, the flaw grants full account takeover without credentials or user interaction; there is no public exploit identified at time of analysis, but the plugin's SSO role and low attack complexity make it a high-value target.

Authentication Bypass Oauth Single Sign On Sso Oauth Client
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy