ProfileGrid by Metagauss WordPress plugin Multiple Vulnerabilities

REPORT ID: 22ebfe5c-9725-4152-a54d-89b51c8b0fbd

The plugin was affected by Missing Authorization and Cross-Site Request Forgery (CSRF) vulnerabilities. The plugin creates a frontend user profile, groups, communities and messenger. However, the messenger is vulnerable because there is no user authentication, so the vulnerability allows us to list and modify other users’ messages.

OAuth 2.0 client for SSO by miniOrange WordPress plugin Authentication Bypass

REPORT ID: df23b19f-4134-41d3-8cb3-9d44189b461b

The plugin contains an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the client’s website.

WP OAuth Server (Login with WordPress) by miniOrange WordPress plugin Authentication Bypass

REPORT ID: 6d794d65-d44b-4099-94c5-3dd2995b218c

The plugin contains an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrator role on the client’s website.

OAuth Single Sign On – SSO (OAuth Client) by miniOrange WordPress plugin Authentication Bypass

REPORT ID: 12bb3c02-45f1-4ce8-8a5a-8b44352cf7fc

The plugin contains an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the client’s website.

Simple Single Sign On by Dash10 Digital WordPress plugin Authentication Bypass

REPORT ID: 0bab7575-45fc-432d-945e-6100c35c574c

The plugin contains an Auth Bypass vulnerability. Depending on the settings of the OAuth server, we may even be given an administrator role on the client’s website. The essence of OAuth authentication is that the user is authenticated by another server, in our case another WordPress website with an OAuth server plugin. But the vulnerability is in the OAuth client plugin.