OAuth 2.0 client for SSO by miniOrange <= 1.11.3 - Auth Bypass
REPORT ID: ac0bec28-ea44-46ee-9a35-d42273bce8dd
The plugin contains an Auth Bypass vulnerability. To bypass authentication, the attacker only needs to know the user's email address. Depending on the obtained email address, the attacker may even get an administrator role on the client's website.
You need to log in to view the vulnerability details.