Secufor Oauth
Monthly
Unauthenticated remote attackers can disconnect any WordPress site running the Secufor_OAuth plugin from its linked Secufor identity account by triggering an unprotected action handler that clears the stored OAuth token and login configuration. All plugin versions through 1.0.7 are affected, confirmed by Wordfence and traceable to specific lines in the plugin source. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, though the trivially low attack complexity (AV:N/AC:L/PR:N) means exploitation requires only an HTTP request.
Unauthenticated remote attackers can disconnect any WordPress site running the Secufor_OAuth plugin from its linked Secufor identity account by triggering an unprotected action handler that clears the stored OAuth token and login configuration. All plugin versions through 1.0.7 are affected, confirmed by Wordfence and traceable to specific lines in the plugin source. No public exploit has been identified at time of analysis, and no CISA KEV listing is present, though the trivially low attack complexity (AV:N/AC:L/PR:N) means exploitation requires only an HTTP request.