CVE-2022-34858: WordPress OAuth 2.0 client for SSO plugin <= 1.11.3 - Authentication Bypass vulnerability - Patchstack

Authentication Bypass vulnerability in the miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 for WordPress.

Verified

Fixed

CVSS 3.1 score: 5.9 (Medium severity)

Software: OAuth 2.0 client for SSO
Type: Plugin
Vulnerable versions: <= 1.11.3
Fixed in: 1.11.4
PSID: f26589749d3c
CVE ID: CVE-2022-34858
Classification: Bypass Vulnerability
OWASP Top 10: A2: Broken Authentication
Credits: Lana Codes
Publicly disclosed: 2022-08-02

Details

An Authentication Bypass vulnerability was discovered by Lana Codes in the WordPress OAuth 2.0 client for SSO plugin (versions <= 1.11.3).

Solution

Update the WordPress OAuth 2.0 client for SSO plugin to the latest available version (at least 1.11.4).
