Headline

CVE-2022-34858: WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability - Patchstack

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.

2 years ago

CVE

Open in Source

#vulnerability #web #wordpress #oauth #auth

Verified

Fixed

5.9

CVSS 3.1 score Medium severity

Monitoring Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

OAuth 2.0 client for SSO

Type

Plugin

Vulnerable versions

<= 1.11.3

Fixed in

1.11.4

PSID

f26589749d3c

CVE ID

CVE-2022-34858

Classification

Bypass Vulnerability

OWASP Top 10

A2: Broken Authentication

Credits

Lana Codes

Publicly disclosed

2022-08-02

Details

Authentication Bypass vulnerability discovered by Lana Codes in WordPress OAuth 2.0 client for SSO plugin (versions <= 1.11.3).

Solution

Update the WordPress OAuth 2.0 client for SSO plugin to the latest available version (at least 1.11.4).

References

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.

2 years ago

CVE

Open in Source

#vulnerability #web #google #linux #java #wordpress #oauth #auth #chrome

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

9 months ago

9 months ago

9 months ago

9 months ago

9 months ago

Headline

CVE-2022-34858: WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability - Patchstack

Related news

CVE: Latest News